Users had been expecting a patch earlier, since one of the vulnerabilities was reported to the company in June.
The 'important' patch fixes a flaw in the Windows kernel that could allow any code executed on a Windows NT 4.0 or Windows 2000 system to elevate itself to the highest possible local privilege level.
This means that, once the flaw is exploited, the attacker could obtain full admin rights to the PC, even if the user does not have such rights.
Microsoft also announced a change to the way it emails customers designed to thwart attempts by virus writers to send emails masquerading as security updates.
"Starting in 2006, Microsoft will begin signing all security communications sent in email using industry standard Secure Multipurpose Internet Mail Extensions [S/MIME]," the company said in a statement.
"This change will allow for easier customer verification that email coming from Microsoft regarding security is actually coming from Microsoft.
"S/MIME is supported by default on Outlook Express, Microsoft Outlook, and many third-party email programs."
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago