MS patches flaw that could compromise, cripple Exchange

11.02.2009

"The prerequisite for the vulnerability is that the user has to be authenticated, which is why it is rated important, but you can get around that with an ," says Eric Schultze, CTO at Shavlik. "I would probably rate this patch as critical."

Microsoft said "functional exploit code" has already been published and the company rated the vulnerability a one on its Exploit Index, meaning exploits could be carried out consistently.

The final patch addresses a flaw in Visio that could result in remote code execution. The issue is rated as "important."

After the patches were released, BeyondTrust issued a statement saying five of the eight vulnerabilities could be mitigated by limiting administrative rights on Windows systems. The company recently stated that 92% of all critical vulnerabilities reported by Microsoft in 2008 could have been from Windows systems.