Microsoft has released three critical fixes addressing flaws in Windows, Windows .Net framework and Internet Explorer, some of which are being actively exploited by hackers in the wild.
The Windows critical patch fixes two flaws in the operating system's kernel that leave customers open to remote code execution attacks.
"The more severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted website that contains embedded TrueType fonts," said the Microsoft Security Bulletin Summary for October 2014.
"In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to persuade users to do so, typically by getting them to click a link in an email or instant message."
The flaws are particularly dangerous as researchers at FireEye have uncovered evidence that they are being exploited to launch targeted attacks against "major corporations".
"The FireEye Labs team has identified two new zero-day vulnerabilities as part of limited, targeted attacks against some major corporations. Both zero-days exploit the Windows Kernel," reported FireEye.
The Internet Explorer and .Net critical flaws are listed as potentially just as bad and could theoretically be used by hackers to mount remote execution attacks. There is currently no word on whether they are being actively exploited in the wild.
Microsoft also released five 'important' fixes for various Windows, Office and application bugs.
The most serious of these addresses the infamous Sandworm flaw. Sandworm is known to have targeted numerous high-profile institutions, including Nato, as reported earlier this week by iSight researchers.
The campaign targeted the organisations with spear-phishing messages, and affects all versions of Windows from Windows Vista Service Pack 2 onwards as well as Windows Server versions 2008 and 2012.
Children as young as four to be taught about the dangers of social media
Bans already issued to hundreds of players who used offensive language
The site is perfectly situated for launching small satellites into orbit
Delegates at the ESOF 2018 conference were warned that their perceptions of the digital age were coloured by private industry