Microsoft has issued a warning that two of the upgrades in this month's software patch release fix flaws that are actively being exploited on the web.
The company announced last week that it would release two fixes for Windows and one for Office. All the patches have the company's highest 'critical' security rating.
Both flaws can be exploited by previewing an email, opening an emailed attachment or visiting a webpage containing malicious code.
The third patch concerns a bug in Office 2000 and 2002 that could give a hacker full access to a user's system.
The two holes in Windows components are actively being used by hackers to take over computers. All current and fully patched versions of Windows XP and Windows 2003 are affected by the flaw.
Customers can use the Microsoft auto update service or visit Windows Update to plug the holes.
And, yep, it'll run Android rather than RiscOS
US engineering giant's cost-cutting outsourcing plan is on the rocks, according to insiders
HP Envy X2 laptop only affordable if you've got loadsamoney
Counterfeit code-signing certificates enabling hackers to hide malware being sold by cyber criminals
Certificates can be used as part of layered obfuscation to evade detection by anti-virus software