Microsoft has released eight security patches, three of which carry the firm's highest severity rating of 'critical' indicating that a system can be remotely hacked without requiring any user interaction.

In addition to the critical flaws, four fixes are rated 'important' and two 'moderate'. Except for one patch issued for Exchange and Windows, all fixes affect the Windows operating system.

The critical patches affect DirectX versions 7.0 to 8.1, Internet Explorer 5.01 to 6.0 and the MSDTC and Com+ components of Windows XP, 2000 and 2003. 

DirectX is a tool that helps a computer display images. The reported flaw allows a hacker to gain control over a system if the user opens a specially crafted .avi video file. This could be exploited by persuading a user to follow a link sent in an email.

The Internet Explorer vulnerability leaves the application open to a buffer overflow which could cause the application to unexpectedly quit and allow the attacker to execute arbitrary code.

Virus researcher Ero Carrera, from security provider F-Secure, warned on his blog that the three critical holes "might end up being used with malicious intent against unpatched systems". 

After Microsoft released a patch for a critical flaw in August, hackers needed only a few days to create malware that exploited the vulnerability.

The subsequent worm outbreak wreaked havoc across the internet and affected s everal corporations. Authorities succeeded in tracking down the culprits who are currently being held in Turkish and Moroccan jails.

While the updates repair some problems in the Microsoft software, many security vulnerabilities remain unfixed.

Security website Secunia reported 69 security advisories for Internet Explorer 6 alone, of which 29 per cent remain unpatched while 13 per cent have been repaired only partially.

The Microsoft advisories and patches are available here: