Microsoft releases cumulative security update for IE

14.12.2005

-- A critical vulnerability in the way Internet Explorer handles mismatched Document Object Model objects that allows attackers to take full control of compromised systems.

-- A remote code flaw in the way Internet Explorer displays file download dialog boxes and accepts user input that could allow hackers to execute code remotely on affected systems.

-- An information disclosure vulnerability in the way Internet Explorer behaves in situations requiring client systems to authenticate themselves.

Of those, the mismatched Document Object Model flaw is especially important to patch because an exploit for it is already available, said Neel Mehta, team lead at Atlanta-based Internet Security Systems Inc.'s X-Force security research team.

Microsoft originally disclosed the flaw several months ago as a denial-of-service vulnerability but upgraded it to a critical issue because of the availability of exploit code for it, he said.