Microsoft will release three new patches for Windows XP tomorrow which are expected to plug "extremely critical" vulnerabilites in Internet Explorer.
The vulnerabilities were discovered by Danish security research firm Secunia and Greyhats Security Group and affect Windows XP with or without Service Pack 2 installed.
Secunia says there is now a working exploit out for one of the vulnerabilities that will compromise Windows XP SP2 systems if users visit a web page. That particular exploit has been known to Microsoft for two months.
Another issue lets attackers display a bogus website while the address bar in Internet Explorer shows the URL of a spoofed site, as well as activate the icon indicating that the site is secured with SSL. This exploit could be used by phishers wanting to steal customers' passwords, Secunia says.
The vulnerabilities are severe enough for Secunia to advise that users dump Internet Explorer completely and use a different browser.
Nathan Mercer, technology specialist at Microsoft New Zealand, confirmed that three patches will be released tomorrow morning, NZ time. However, Mercer was unable to say whether the patches cover the Internet Explorer-related issues reported by Secunia. The patches will be available via Windows Update and are part of the standard set of patches released on the second Tuesday every month, US time, by Microsoft, according to Mercer.
Mercer says the patches are not a special release, and are for Windows XP and thus not IE-specific ones. He was unable to say whether patches for previous Windows releases will be available tomorrow as well.