Microsoft forthcoming patch Tuesday will bring no relief from an unpatched Excel flaw that's the target of active malware attacks.

The March edition of Black Tuesday promises three updates, one of which Redmond classifies as critical because it poses a code execution risk. The other two flaws involve spoofing risks and are assigned to the "important" category.

An unpatched vulnerability in Excel has been the target of hacking attacks since late last month. A patch to defend against the underlying vulnerability would fall into the Office category, so we know it won't arrive next Tuesday and is therefore highly unlikely to appear until April. ®

Related stories

• Patches bring zero-day relief from PDF and PowerPoint flaws (13 May 2009)
• Excel bulletin stars in Microsoft patch batch (15 April 2009)
• Unpatched PowerPoint flaw spawns Trojan attacks (3 April 2009)
• Crackers latch onto year-old Windows token vuln (18 March 2009)
• Critical kernel fix stars in Patch Tuesday updates (11 March 2009)
• Zero-day Adobe PDF peril goes click free (5 March 2009)
• Excel Trojan targets unpatched flaws (25 February 2009)
• Microsoft takes scissors to Srizbi (11 February 2009)
• MS lines up two critical updates for Patch Tuesday (6 February 2009)
• Solitary MS update lances critical Windows risk (14 January 2009)
• Oracle patch batch eclipses Microsoft Patch Tuesday (9 January 2009)
• MS (finally) confirms unpatched SQL Server flaw (23 December 2008)
• Microsoft issues emergency IE patch as attacks escalate (17 December 2008)
• WordPad zero-day adds to MS security woes (11 December 2008)
• Updated In-the-wild attacks find hole in (fully-patched) IE 7 (9 December 2008)