Microsoft has issued more than a dozen DLL load-hijacking updates since last November.

Carey said that the Visio bug could also attract interest from attackers who target specific individuals.

"People who typically use Visio are high-value, often network or systems engineers," Carey argued, referring to people who would likely have other juicy information on their systems, including network administrator usernames and passwords. "These people often have the keys to the [network] kingdom."

The vulnerability could be exploited through malicious Visio documents sent via email, said Microsoft.

Microsoft also patched 15 elevation-of-privilege vulnerabilities in the Windows kernel mode drivers, 14 of them reported to the company by Tarjei Mandt, a researcher who works for Norwegian antivirus company Norman ASA. In April, Microsoft patched . plugged the 15 holes today.