Redmond has known about three zero-day flaws affecting its Word software since November and December last year, but has failed to fix them in the previous two patch releases.
Security firm McAfee said that it had expected Microsoft to patch the three Word vulnerabilities in this release.
"Business applications continue to be a prime target for malicious code writers, which is evident in today's vulnerabilities patched by Microsoft," said Dave Marcus, security research and communications manager at McAfee's Avert Labs.
"Coverage for this vector of threats continues to be a primary area of research for McAfee and we recommend that users of these applications take extra precautions to protect their systems."
Three of the four patches released did fix 'critical' vulnerabilities in Microsoft Outlook, Excel and the Vector Markup Language that could allow malicious code to be run on a user's machine.
Microsoft had originally announced eight updates for January, but revised that figure to four a few days later.
Google will keep its eyes on users in other ways
Tesco wrangling with FCA over size of fine
Equinox's Dave Millett explores how phone, mobile and broadband could be affected by a no-deal Brexit
Dust storm on Titan only the third Solar System body where such storms have been observed