Microsoft on Tuesday declined to commit to deploying patches for a widespread wireless flaw in PCs running Windows, but did not shut the door on a deal that would use its update services to roll out fixes.

"Microsoft is investigating the customer impact of a vulnerability in Broadcom's wireless driver, and is working with Broadcom to determine the best way to help protect Windows users who have the vulnerable driver installed," a company spokesman said.

"In general, Microsoft only distributes third-party security updates through the standard Microsoft update mechanisms, such as Microsoft Update, Windows Update, and Automatic Update, if the affected third-party software is distributed by Microsoft," the spokesman went on.

The last time Microsoft issued a third-party patch was in May, when it included a fix for Flash Player, the Adobe-owned media player that's bundled with Windows XP.

Microsoft's comments were in reaction to questions posed after a vulnerability in a widely-used wireless driver from chipset maker Broadcom was disclosed this weekend. Although Broadcom has patched the driver and distributed the patch to computer and wireless card makers, each computer maker or hardware provider must tweak the driver before posting it for user download. Some security professionals, including volunteers at the Zero Day Emergency Response Team, have publicly wondered whether Microsoft's automatic update services might be useful to distribute fixes to all affected users.

Microsoft left the door ajar. "Vendors who would like to ship updated drivers, not distributed by Microsoft, can work with Microsoft in certain circumstances to distribute those updates through Microsoft's standard update mechanisms," the Redmond, Wash. developer's spokesman said.

Broadcom was not immediately available for comment on specifics of its conversations with Microsoft or whether it had requested that the operating system maker roll out a fix.

In other wireless vulnerability news, the "Month of Kernel Bugs" (MoKB) project, which disclosed the Broadcom bug Saturday, released another flaw Monday, this one in the D-Link DWL-G132 wireless adapter, a $64 flash drive-sized USB device. According to the alert posted by the MoKB, the adapter uses a buggy driver that can be exploited by attackers to compromise any PC using the DWL-G132 in a public hotspot.