Microsoft is set to issue two security bulletins, collectively patching three vulnerabilities, as part of January's Patch Tuesday.

The first security bulletin, rated as "critical," affects all supported versions of Windows. The second, rated "important," affects Windows Vista.

Attackers could exploit the vulnerabilities to remotely execute code on a targeted computer. "As always, we recommend that customers deploy these updates as soon as possible," said Microsoft.

This month's Patch Tuesday, however, won't address two zero-day vulnerabilities that attackers are reportedly already exploiting.

On Tuesday, Microsoft confirmed a zero-day vulnerability that affects its graphics rendering engine, which an attacker could use to install programs, delete data, or create new user accounts. Microsoft also issued mitigation instructions, as well as a Fixit Button that home users and small businesses can use to mitigate the vulnerability.

Microsoft also released a suggested workaround for a zero-day CSS-related vulnerability that affects all versions of Internet Explorer. The flaw was recently disclosed by Google researcher Michal Zalewski, and later confirmed by French vulnerability research firm Vupen.

Full story: InformationWeek