Four patches have been released on Microsoft Patch Tuesday for Internet Explorer - one of them fixing a flaw that has become the target of hackers in recent weeks.

Others addressed some of the problems caused by Son's XCP copy protection software.

Attacks using the vulnerability have not been widespread, but it is important that Explorer users install the patch now, said Neel Mehta, of ISS' X-Force group. "It's not of epic proportions," he said. "But isolated attackers here and there have used it to install malware."

The bug uses a Javascript hole and affects Explorer users on Windows XP, 2000 and 98. Users have to be tricked into visiting a maliciously encoded website first however.

The fix came with three other Explorer bugs in Microsoft bulletin MS05-054, rated critical by the software giant.

Microsoft also updated its Malicious Software Removal Tool to disable the controversial Sony XCP rootkit and remove a malicious Trojan program that takes advantage of the rootkit's cloaking techniques.

A second update, rated "important", fixes a problem in the Windows 2000 kernel that lets an attacker to circumvent Microsoft's user privileges mechanism and perform unauthorised tasks on a PC.

Typically, this flaw could not be exploited remotely, as it requires that the attacker gain access to the targeted computer's keyboard, said Steve Manzuik, security product manager with the company that discovered the bug, eEye.