Visit the wrong website and your computer could be compromised

All three flaws affect the software giant's Internet Explorer browser.

Security firms said the vulnerabilities were already being targeted by malicious hackers keen to catch out unsuspecting users.

Microsoft said it would produce patches for the vulnerabilities in its next security update due on 11 April.

Attack vector

The first of the problems discovered in Internet Explorer will simply make the browser program crash if it is used to visit a specially crafted webpage.

The other two vulnerabilities are potentially more serious because they can be used to take control of a victim's computer.

Security firms said specially written websites and hijacked servers were already being used to host the malicious code that uses the loopholes to invade vulnerable machines.

In security bulletins about the trio of bugs, Microsoft played down the threat and said: "The attacks are limited in scope for now."

Microsoft usually issues security updates on the second Tuesday of every month and its security team is working towards this date, 11 April, to produce patches for the bugs. However, it said the patches would be released earlier if the threat grew significantly.

Those using the patched versions of IE bundled with Windows 2000, Windows XP and Windows Server 2003 are vulnerable to these bugs. People trying out the Beta 2 version of Internet Explorer 7 are safe.

To avoid falling victim, Microsoft urged users to avoid websites they did not trust and to refrain from opening attachments on e-mail messages from unknown senders.