Of the three IE bugs in MS07-016, two affect the newest version of the browser, IE 7, on Windows XP and Windows Server 2003f, although the threat rating has been downgraded to "Important." IE 7 on Vista is not at risk, said Microsoft.

Another bulletin, MS07-014, has been long anticipated. The update for Microsoft Word 2000, Word 2002, Word 2003 and Word 2004 for Mac patches six bugs, four of which have already been used by hackers. "We recommend that users also patch this immediately, since exploits are in the wild," said Jonathan Bitle, Qualys product manager.

Three of the four already-used vulnerabilities date back to December, and were reportedly scheduled for release last month before being pulled at the last minute for quality issues.

Other bulletins in the massive patch day -- Tuesday's tied a record with two months in 2006 when Microsoft also released a dozen updates -- fixed flaws in Windows, Office, Visual Studio, various ActiveX controls, the RTF (Rich Text Format) file format, Microsoft Excel and Microsoft PowerPoint.

Users can obtain the February patches via Windows' Automatic Update, from the Microsoft Update service, or through enterprise tools such as Windows Server Update Services (WSUS) and Software Update Services (SUS).