Microsoft plans to release a dozen bulletins on Tuesday – three of which address critical flaws.

The February Patch Tuesday batch includes a fix for a critical Windows thumbnail preview flaw as well as patching an equally serious flaw in how Internet Explorer handles Cascading Style Sheets (CSS). Each of these zero-day vulnerabilities has been exploited in limited hacking attacks.

The remaining updates address lesser flaws in Windows, Office, Microsoft's IIS web server software and Redmond's development platform, Visual Studio.

Net security services firm Qualys notes that a fix for a recently discovered MHTML flaw in Windows/Internet Explorer will not be addressed by the February Patch Tuesday update. Users are advised to apply Microsoft's workaround, pending the availability of a more comprehensive fix. ®

Related stories

• Politically motivated exploits target activists on Google (12 March 2011)
• March Patch Tuesday leaves IE unpatched for Pwn2Own hackers (4 March 2011)
• ZDI spills beans on 22 zero-day bugs (9 February 2011)
• Microsoft finally says adios to Autorun (8 February 2011)
• Microsoft issues temp fix for serious Windows security bug (28 January 2011)
• Attacks on IE drive-by bug go wild (12 January 2011)
• Zero-day backdoors to be left unplugged on Patch Tuesday (7 January 2011)
• Microsoft confirms code execution bug in Windows (4 January 2011)
• IE 0day accidentally leaked to Chinese hackers (3 January 2011)
• MS warns over zero-day IE bug (23 December 2010)
• Critical IE update in biggest ever Patch Tuesday (15 December 2010)