The other flaw disclosed last week involves the way that Windows handles embedded Web fonts. Microsoft said attackers could exploit the vulnerability by constructing malformed Web fonts and then tricking users into visiting malicious Web sites or viewing specially crafted e-mail messages.

In a related matter, details of two new flaws in the way that Windows renders images in the Windows Metafile (WMF) format were posted on the Web. But security researchers said those vulnerabilities are far less serious than the one that Microsoft patched two weeks ago, ahead of its monthly update release.

"This is only getting any attention because it's WMF and Microsoft just released a WMF patch," said Russ Cooper, a senior information security analyst at Cybertrust Inc. in Herndon, Va., and editor of the NTBugtraq mailing list.

-- Robert McMillan of the IDG News Service contributed to this story.