Microsoft Corp. will release three patches for Windows on Tuesday in an attempt to fix some critical security voids that enable remote hackers to execute malicious code on users’ computers. The three security updates will reportedly be released at Microsoft’s convention Patch Tuesday. 

 

The critical vulnerability affects Windows 2000, XP, Vista and Windows Server 2003 and 2008. 

 

The other two security updates are both ranked by Microsoft as “important.” One of them does not affect Windows XP or Vista, but both vulnerabilities enable an attack known as “spoofing,” in which hackers basically redirect users to a bogus or dangerous Web site and then launch malware,  steal sensitive information such as credit cards info, login credentials or other personal information submitted by the user.

 

However, the company’s March security bulletin does not include a fix for the much-touted critical Microsoft Office Excel vulnerability, which enables hackers to execute malicious code remotely on users’ computers through an infected Excel spreadsheet file. When opening the infected Excel file, users execute in their PCs a Trojan horse without even knowing it.  However, this kind of attack isn’t widespread. 

 

In an advisory note on February 20, Microsoft wrote that the flaw could allow attackers to carry out arbitrary code if a specially designed Excel file tries to access an invalid object.