Microsoft Patch Tuesday fills massive zero-day hole in Internet Explorer

Internet Explorer (IE) users are being urged to patch up systems as soon as possible, after a fix was pushed out to address 37 vulnerabilities in the browser.

Patches have been made available for another five flaws affecting Microsoft Lync and the .NET Framework.

According to a Microsoft advisory, the "security update resolves one publicly disclosed and 36 privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer".

"An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights."

The firm advises users to update as soon as possible.

Amol Sarwate, vulnerability labs director for Qualys, said this month's vulnerability fixes represented "a light patch cycle, but it could prove critical for IE users or those who run ASP.NET and IIS".

Trustwave threat intelligence manager, Karl Sigler, also said the patch cycle for IE was lighter than in previous months, "but it's likely that several of these CVEs have already been exploited in the wild or will be weaponised soon".

"To protect yourself from these threats, you will want to apply this update as soon as possible."

The other three security bulletins, rated important, fix denial of service problems in Windows and .NET, a Windows elevation of privilege flaw and a denial of service issue affecting Lync Server.

Tyler Reguly, manager of security research at security firm Tripwire, said that for the .NET flaw, "the only known attack vector is ASP.NET, so upgrading IIS server hosting ASP.NET websites should be the top priority when triaging systems to update. The specific denial of service, which could lead to resource exhaustion, is caused by a hash collision."

Rene Millman
