Microsoft To Release Three Patches, One Critical8:02 PM EST Thu. Mar. 05, 2009
Microsoft plans to release a total of three security updates for Windows Tuesday, repairing at least one critical vulnerability that enables remote hackers to execute malicious code on users' PCs.
One of the patches included in Microsoft's March security bulletin, set for release Tuesday, addresses a critical Windows error that allows attackers to execute arbitrary code, usually without any user intervention, according to the software company's advanced notification posting.
The other two security updates slated for Microsoft's monthly Patch Tuesday release are both given the slightly less severe ranking of "important," one of which does not affect XP or Vista. Both vulnerabilities allow a kind of attack known as "spoofing," in which hackers can redirect unsuspecting users to a bogus or dangerous Web site and then launch malware or steal credit cards, login credentials or other personal information submitted by the user.
Meanwhile, Microsoft's March security bulletin won't be fixing a critical Excel vulnerability, which allows attackers to launch malicious code remotely on users' computers via an infected Excel spreadsheet file. Upon opening an infected Excel file, users unknowingly execute a Trojan horse onto their computers, which can be used to stealthily record keystrokes and steal personal and financial data.
Security experts say that a targeted attack has already been observed in the wild, but does not appear to be widespread.
So far, Microsoft has not issued a fix for the vulnerability, although future actions to remediate the flaw could include providing a solution through a service pack, a subsequent monthly security update or an emergency out-of-band patch.