Microsoft has patched "critical" security vulnerabilities in its browsers, but has left at least two zero-day flaws with public exploit code.
The software giant released numerous patches late on Tuesday to fix flaws in Adobe Flash for customers using Internet Explorer on Windows 8.1 and later, as well as Edge for Windows 10.
The patches are available over Windows Update.
But the company failed to patch two flaws, which have publicly disclosed exploit code.
The first vulnerability relates to a Windows SMB bug, of which its proof-of-concept code was released just days prior to this month's scheduled Patch Tuesday. The other, released by Google earlier this week, relates to an Windows graphics library flaw, disclosed to Microsoft more than six months ago, according to the vulnerability report.
The patches land a week after the company's usually-timed Patch Tuesday, which the company delayed for the first time in its history.
But it's not know exactly what the root cause of the delay was.
ZDNet's Mary Jo Foley said sources familiar with the company's goings-on said problems with Microsoft's build system could be the cause of the delay.
A spokesperson for Microsoft would not comment further on the issue.