Microsoft has released security fixes for critical vulnerabilities in Internet Explorer, Office web apps and the VBScript Scripting Engine.
The fixes are part of Microsoft's December 2014 Patch Tuesday update. The flaws could be exploited by hackers to mount remote code execution attacks using various methods.
The Internet Explorer vulnerability could be exploited when users visit a maliciously crafted website. Microsoft warned that "an attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user".
The Office Web apps flaw can be exploited using maliciously crafted Word files, and has the potential to give attackers access to vast amounts of data.
"If the current user is logged on with administrative user rights, an attacker could then install programs, view, change or delete data, or create new accounts with full user rights," explained Microsoft.
The final critical fix addresses a flaw in the VBScript Scripting Engine, which is listed as offering hackers similar powers if the victim visits a malicious website.
Microsoft has also released important fixes for Excel, Office, Exchange Server and Graphics Component. The flaws could be exploited for a variety of purposes ranging from remote code execution to elevation of privileges.
"This [Microsoft Exchange] patch addresses two Outlook web access cross site scripting issues, a web application token spoofing issue, and an issue with Exchange URL redirection," explained Rapid7 senior engineering manager Ross Barrett.
"[The Microsoft Graphics] vulnerability would allow a maliciously crafted JPEG file to be used to help predict memory offsets in a given callstack.
"The remaining issues are Important Remote Code Execution issues in Office and Excel which fall below the critical risk level, because user interaction such as opening a malicious document is required for exploit."
Internet Explorer has been a constant source of vulnerabilities for hackers to exploit, noted Karl Sigler, threat intelligence manager at security firm Trustwave.
"There were critical vulnerabilities patched in Internet Explorer every month this year except for January. In all, over 200 vulnerabilities were patched in Internet Explorer in 2014, and the majority were rated critical," he said.
Microsoft's November Patch Tuesday included 17 fixes for various versions of IE, the most serious of which could allow remote code execution if a user views a specially crafted webpage.