Redmond has known about three zero-day flaws affecting its Word software since November and December last year, but has failed to fix them in the previous two patch releases.
Security firm McAfee said that it had expected Microsoft to patch the three Word vulnerabilities in this release.
"Business applications continue to be a prime target for malicious code writers, which is evident in today's vulnerabilities patched by Microsoft," said Dave Marcus, security research and communications manager at McAfee's Avert Labs.
"Coverage for this vector of threats continues to be a primary area of research for McAfee and we recommend that users of these applications take extra precautions to protect their systems."
Three of the four patches released did fix 'critical' vulnerabilities in Microsoft Outlook, Excel and the Vector Markup Language that could allow malicious code to be run on a user's machine.
Microsoft had originally announced eight updates for January, but revised that figure to four a few days later.
Why does Facebook store "my entire call history with my partner's mum", asks developer who requested his Facebook data
Facebook database included text-message metadata - despite not using Facebook Messenger for SMS
Before Ocado could start selling the technology it had developed to other retailers, it had to tear down and rebuild its own monolithic architecture
Successful attack could result in harm to patients and financial loss, warns NHS governing body
Guccifer 2.0 claimed to be a lone Romanian hacker - until a schoolboy error gave him, her or them away