Microsoft has plugged 11 security vulnerabilities as part of its July Patch Tuesday release.
Five of the vulnerabilities carry a severity rating of 'critical', five are labelled 'important' and one is labelled 'moderate'.
The 'critical' vulnerabilities affect Excel 2000, Windows Server 2000 and versions 1.0, 1.1 and 2.0 of the .Net framework. An attacker could use each vulnerability to remotely execute malicious code on a target system.
A remote code execution vulnerability was also found in Office Publisher 2007. An attacker could use a specially crafted '.pub' file to take control of the target system with the privileges of the current user.
The vulnerability is classified as 'important' rather than 'critical' because the attacker would have to convince the user to manually launch the malicious file.
None of the 'critical' vulnerabilities affects Windows Vista, but the 'moderate' vulnerability lies within the firewall security software in the 32-bit and 64-bit versions of Vista.
If exploited, an attacker could access the network interface and view sensitive user information.
Oliver Friedrichs, director of emerging technologies at Symantec Security Response, warned that, while the firewall vulnerability is not severe, it is still significant.
The flaw indicates that Vista's new networking components, or network stack, are not bullet-proof.
"A network stack can take decades of heavy scrutiny in order to become battle hardened," Friedrichs said in an emailed statement.
"As an operating system's first line of defence, its quality is directly related to its ability to withstand attack."
Users can download the monthly update through Windows Update or from Microsoft's TechNet website.
Microsoft bundles its patches in security bulletins, each covering one application or software component. July's security update contained six bulletins.
Dr Kuan Hon criticises GDPR consent emails that will only eviscerate marketing databases and 'media misinformation'
Apple squashes Steam Link app on 'business conflicts' grounds
Philip Hammond wants to forget rules that the UK agreed with the EU to ban non-European companies from the satellites
Instapaper to 'go dark' in Europe until it can work out GDPR compliance