The company also issued the first patch for , the beta-like build Microsoft released at the end of February.
But it was MS12-027 that got the most attention today.
"Things got a bit more interesting today," said Andrew Storms, director of security operations at nCircle Security, "because Microsoft is reporting limited attacks in the wild."
Flaws that attackers exploit before a patch is available are called "zero-day" vulnerabilities.
The single vulnerability patched in is in an ActiveX control included with every 32-bit version of Office 2003, 2007 and 2010; Microsoft also called out SQL Server, Commerce Server, BizTalk Server, Visual FoxPro and Visual Basic as needing the patch.