Easily the most serious of the flaws disclosed Tuesday is the one affecting the Server Service, said Mike Murray, director of vulnerability research at nCircle Network Security Inc., a security vendor based in San Francisco. The service basically allows computers to communicate with each other. The flaw allows attackers to potentially send malformed communications over Ports 455 or 139 and lets them take complete control of vulnerable systems, he said.

The DHCP flaw is also serious, but requires the attacker to be on the same network as the vulnerable system, Murray said.

Meanwhile, Tuesday's updates provide another indication of growing client-side security threats, said Amol Sarwate, manager of vulnerability management at Qualys Inc., a managed security service provider in Redwood Shores, Calif.

"This trend of client side vulnerabilities -- where attackers are creating malformed image files or Excel files that are sent to users via e-mail or hosted on Web sites -- has been increasing" since the beginning of this year he said.

Over the past month, Microsoft has investigated a number of issues related to Excel and Office, following reports that hackers had launched a targeted attack against an unnamed government contractor by taking advantage of a bug in the Excel spreadsheet software.