The critical patches include one for a previously-disclosed vulnerability in DirectShow, which has seen “limited attacks” in the form of specially crafted QuickTime files that could allow remote code execution. Microsoft also says it’s been working around the clock to produce an update for the “browse-and-get-owned” ActiveX flaw in time for Tuesday, but they aren't making promises at this point. The company issued a warning for the flaw earlier this week and advised customers to temporarily disable the ActiveX component in Internet Explorer.
Microsoft provided few details about the third critical update, except to say that it affected all versions of Windows. More information will be available on the Security Research and Defense blog next week.