Microsoft gives word of upcoming Patch Tuesday fixes

Microsoft's next update will address issues in Windows 2000, Server 2003, XP, Server 2008 and Vista

Microsoft is planning to release three security patches on Tuesday as part of the firm's monthly update cycle.

The 10 March update will address three issues in Windows 2000, Server 2003, XP, Server 2008 and Vista. Office and other Microsoft products will not be affected by any fixes this month.

One of the patches is rated 'critical', the highest of Microsoft's four alert levels. If exploited, the vulnerabilities addressed by the patch could be exploited by attackers for remote code execution.

The other two patches are being classified as 'important', the third of four risk levels. Both will address spoofing flaws.

Microsoft did not disclose the exact details of the vulnerabilities being patched, but did say that the 'critical' flaw is considered a risk across all versions of Windows, while one of the 'important' patches does not affect systems running Windows XP and Windows Vista.

The update comes just a week after Microsoft issued an out of cycle patch for a flaw in Excel which was being actively exploited in the wild.

That same update also contained a fix to strengthen defences against attacks making use of the Windows autorun component.