Microsoft has released three critical fixes addressing flaws in Windows, Windows .Net framework and Internet Explorer, some of which are being actively exploited by hackers in the wild.
The Windows critical patch fixes two flaws in the operating system's kernel that leave customers open to remote code execution attacks.
"The more severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted website that contains embedded TrueType fonts," said the Microsoft Security Bulletin Summary for October 2014.
"In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to persuade users to do so, typically by getting them to click a link in an email or instant message."
The flaws are particularly dangerous as researchers at FireEye have uncovered evidence that they are being exploited to launch targeted attacks against "major corporations".
"The FireEye Labs team has identified two new zero-day vulnerabilities as part of limited, targeted attacks against some major corporations. Both zero-days exploit the Windows Kernel," reported FireEye.
The Internet Explorer and .Net critical flaws are listed as potentially just as bad and could theoretically be used by hackers to mount remote execution attacks. There is currently no word on whether they are being actively exploited in the wild.
Microsoft also released five 'important' fixes for various Windows, Office and application bugs.
The most serious of these addresses the infamous Sandworm flaw. Sandworm is known to have targeted numerous high-profile institutions, including Nato, as reported earlier this week by iSight researchers.
The campaign targeted the organisations with spear-phishing messages, and affects all versions of Windows from Windows Vista Service Pack 2 onwards as well as Windows Server versions 2008 and 2012.
Facebook told by Brussels-based court to stop tracking non-users and to delete all data held on them
Supply chain and manufacturing experience could give Dyson an important edge
New VR Zone Portal arcades open in London and Tunbridge Wells
Systems-on-a-chip with integrated AI features could make voice and facial recognition