Microsoft has issued a special cumulative patch for its Internet Explorer browser, addressing three new security holes rated "critical", including one that was used in a virus attack in July.

Patches rated critical mean that not installing the patch may lead to catastrophic damage to a PC because an attack could give a cracker complete control of that system, including the capability to reformat the hard drive, according to Microsoft.

Ordinarily, Microsoft saves up patches for a monthly release, to make it easier for customers and IT staffs. However, when the company rates a security flaw critical, it often releases the patch as soon it's ready, the better to protect users.

"It's probably better to do it this way," says Rob Enderle, principal analyst at technology analysis firm The Enderle Group. "It gives people the option of fixing [the problems right away]. They did the right thing."

Microsoft intends the patch to head off any repeats of the attack which took advantage of multiple weaknesses in Windows and Microsoft's Internet Information Server. The so-called download.ject or Scob virus tried to steal users' data or to create "zombies" for a later planned denial of service attack.

Microsoft issued a patch for one of the weaknesses as well as workarounds to block similar attacks, but it did not patch a second hole quite as quickly. This patch takes care of that one.

This latest release is a "cumulative" update, which contains all previously released security patches for IE. It fixes security flaws in all currently supported versions of Windows, from Windows 98 and Me through Windows XP. This cumulative patch and a description of the problems it solves is available from Microsoft.