Microsoft has issued a warning that two of the upgrades in this month's software patch release fix flaws that are actively being exploited on the web.
The company announced last week that it would release two fixes for Windows and one for Office. All the patches have the company's highest 'critical' security rating.
Both flaws can be exploited by previewing an email, opening an emailed attachment or visiting a webpage containing malicious code.
The third patch concerns a bug in Office 2000 and 2002 that could give a hacker full access to a user's system.
The two holes in Windows components are actively being used by hackers to take over computers. All current and fully patched versions of Windows XP and Windows 2003 are affected by the flaw.
Customers can use the Microsoft auto update service or visit Windows Update to plug the holes.
Australian government to require technology and communications companies to provide access to messages
New bill avoids demanding 'backdoors' in encryption, but includes measures to compel companies to provide access to encrypted communications
Indonesian overclocker Ivan Cupa (with the aid of a lot of liquid nitrogen) achieves record overclock on AMD's latest Threadripper
Ssupermassive black hole is so big it corresponds to four per cent of the galaxy's total mass
Imminent attack will target a single bank with cloned cards used to fraudulently withdraw millions over one weekend