Microsoft is planning to release seven security bulletins as part of its Patch Tuesday monthly security update on 9 October.
Four of the bulletins are rated 'critical', the company's highest alert level. If exploited, each could allow an attacker to remotely execute code.
The remaining three flaws are rated 'important', the second-highest alert level. Privilege escalation, denial of service and information spoofing are possible consequences of an exploit.
Microsoft uses the term 'bulletin' to describe one or more vulnerability fixes for a certain component or application.
Three of the bulletins address flaws in Windows Vista, including a vulnerability in Internet Explorer 7 deemed 'critical'.
Windows XP users will need to install four of the bulletins, including three 'critical' fixes for the operating system itself and one for Internet Explorer.
A second operating system flaw and an Outlook Express vulnerability were rated 'important' for XP users.
Other software affected by the update includes Windows Server 2003, which was subject to five of the fixes, three deemed 'critical'.
Mac users will be included in the update for the second consecutive month. Microsoft plans to release a fix for the OS X version of Office 2004 that addresses an 'important' security flaw.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago