Microsoft has patched "critical" security vulnerabilities in its browsers, but has left at least two zero-day flaws with public exploit code.
The software giant released numerous patches late on Tuesday to fix flaws in Adobe Flash for customers using Internet Explorer on Windows 8.1 and later, as well as Edge for Windows 10.
The patches are available over Windows Update.
A handful of large companies were alerted to the incoming patches on Monday, but were told not to expect any more updates until next month's scheduled patch cycle, scheduled for March 14.
But the company failed to patch two flaws, which have publicly disclosed exploit code.
The first vulnerability relates to a Windows SMB bug, of which its proof-of-concept code was released just days prior to this month's scheduled Patch Tuesday. The other, released by Google earlier this week, relates to an Windows graphics library flaw, disclosed to Microsoft more than six months ago, according to the vulnerability report.
The patches land a week after the company's usually-timed Patch Tuesday, which the company delayed for the first time in its history.
But it's not know exactly what the root cause of the delay was.