Microsoft has issued its final scheduled security update of 2008.

The December Patch Tuesday release includes updates for 27 separate vulnerabilities spread out over eight bulletins.

Six of the bulletins have been rated as critical, the highest of Microsoft's four security alert levels. If exploited, each could allow an attacker to remotely execute code by way of a specially-crafted file or web page.

One of the bulletins addresses remote code flaws in Internet Explorer, while another addresses an ActiveX component flaw in Visual Basic. Other bulletins address issues in the handling of Windows WMF files and a remote code execution flaw in Windows Search.

Office also received several critical bulletins. Microsoft issued fixes for remote code execution vulnerabilities in Office's handling of Excel spreadsheets, Word documents and Rich Text Files.

The two remaining bulletins were classified as "important", the third of the company's four alert levels. Those two addressed remote code execution flaws in the handling of Windows Media Format components as well as a vulnerability in SharePoint that could be used to obtain elevated privileges.

Barring the release of an out-of-cycle security patch, the December update will be the final set of bulletins issued by Microsoft this year.

Users can obtain the updates from Windows automatic updates component or manually download the update from the company's web site.