Microsoft has published two security updates for its Windows operating system, both of which carry the software giant's most severe rating of 'critical'.
The first patch targets a vulnerability in the way that Windows handles embedded web fonts. Attackers could use the hole to take control of an affected system.
Embedded web fonts allow documents to come bundled with the appropriate fonts to ensure that they are properly displayed. The technology has been built into Internet Explorer since version 4.
The second fix plugs a security hole in several versions of Outlook and Exchange Server, which again could allow an attacker to take control of a system.
The vulnerability concerns the way that the messaging applications decode the Transport Neutral Encapsulation Format Mime attachment, Microsoft said in a security advisory.
An attacker could exploit the flaw by crafting a special email attachment spread via a spammed message. The user still has to preview or open the message to become infected.
The patches are Microsoft's second security release for this month, after the vendor was forced to rush out a patch for a widely exploited security flaw in the WMF graphics format last week.
Microsoft typically issues its security updates on the second Tuesday of the month, a cycle that has become known as 'patch Tuesday'.
Connexin drops out of Ofcom auction due to start next week
SwiftKey users now send two billion emoji every week
Recruitment plans are 'most ambitious ever', claims Openreach HR director Kevin Brady
Samsung's under-the-hood improvements separate the S9 from the pack when it comes to the display