Along with its Tuesday-scheduled 'patch package' for three new "critical" security vulnerabilities affecting Windows, Microsoft will also release three "important" fixes for other Microsoft products, namely - Publisher, Internet Security and Acceleration (ISA) Server and Virtual PC and Virtual Server.

As per the details forthcoming from the patch advisories, the fixes would affect machines running Windows Vista, Windows XP or Windows Server 2003. For users whose computers are set to automatically receive Microsoft patch updates, the fixes can be received without manual intervention.

Among the to-be-released fixes, the most-awaited one is a security vulnerability in Microsoft Video ActiveX Control, which affects computers that run Windows XP or Windows Server 2003. The vulnerability allows hackers to carry out information-stealing Trojan attacks on the computers of the users, by enticing them to malevolent Web sites while they are running the Internet Explorer (IE).

Of late, a number of attacks that have been detected by experts exploit the ActiveX imperfection on hordes of Chinese Web sites, accessed by IE, along with the Russian Embassy Web site in Washington, D. C.

In response to Microsoft's alleged delay in fixing the problem, Mike Reavey - group manager for the Microsoft Security Response Center - said: "I want customers to understand that this is an issue that was responsibly reported to us and we have been driving in our standard process towards a security update."