Among the patches in the monthly update is a fix for a critical vulnerability in the Microsoft Malware Protection Engine for Windows Vista.
The component powers the Windows Defender and OneCare security software for the operating system. The flaw could allow attackers to take control of a system, Microsoft warned.
"Because Windows Defender is a component of Windows Vista, Windows Vista is vulnerable," a Microsoft spokesman told vnunet.com.
"However, because Windows Defender automatically updates the engine, all Windows Defenders users are likely to be using an updated version of the engine and no additional action should need to be taken to download or install the update."
The February patch release offers an additional five critical bulletins that include fixes for Office, Internet Explorer and Windows.
The six remaining bulletins addressed vulnerabilities classified as 'important'. Microsoft said that 10 of the 12 updates concern vulnerabilities that could allow an attacker to remotely hijack a system.
Six of the vulnerabilities have been the targets of zero-day attacks, said McAfee. Office, in particular, has been a favourite target of attackers of late.
Dave Marcus, security research and communications manager at McAfee, told vnunet.com that the rash of Office exploits continues the trend of malware authors targeting widely deployed Microsoft business applications and services.
"Malware authors continue to find unknown or unpatched vulnerabilities in popular applications and services which are then used in zero-day attacks," he said.
One of the Office bulletins was issued to replace a previous patch for Excel and PowerPoint that Microsoft said was "ineffective".
Other critical fixes address problems in Internet Explorer, Windows Data Access Components, and the HTML Help access control.
The 'important' fixes include remote code execution flaws in Windows MFC and OLE Dialog components, and a pair of flaws in the Windows Shell and Image Acquisition service that could allow a users to elevate their user privileges.
Why does Facebook store "my entire call history with my partner's mum", asks developer who requested his Facebook data
Facebook database included text-message metadata - despite not using Facebook Messenger for SMS
Before Ocado could start selling the technology it had developed to other retailers, it had to tear down and rebuild its own monolithic architecture
Successful attack could result in harm to patients and financial loss, warns NHS governing body
Guccifer 2.0 claimed to be a lone Romanian hacker - until a schoolboy error gave him, her or them away