SEATTLE – Microsoft Corp. (MSFT) on Tuesday released six patches to fix software flaws that carry its highest threat rating, including three for defects that attackers were already trying to exploit.
The company said all six of the critical flaws could allow an attacker to obtain some access to other people's computers.
The Redmond software maker also released four other patches to fix vulnerabilities that the company deemed less severe.
• Click here to visit FOXNews.com's Cybersecurity Center.
Customers can download all the patches for free on Microsoft's security Web site and also can sign up to have them automatically delivered to their computers. The automatic update system went down for several hours Tuesday, but the problem was later resolved.
Christopher Budd, a program manager with the Microsoft Security Resource Center, said that the company had seen limited attacks exploiting the flaws, but were nevertheless recommending that users apply those and other patches immediately.
Such vulnerabilities are rare. In most cases, security experts quietly provide Microsoft evidence of a security flaw, allowing the company to fix the problem in secret and release a patch before attackers can take advantage of it.
But recently, the company has been hit with a number of so-called "zero-day" attacks, in which flaws are targeted before Microsoft is aware of them or can release patches.
Such attacks have prompted some security researchers to release their own interim fixes. Microsoft also has occasionally taken the unusual step of releasing patches outside of its normal monthly fix schedule, so users can be safeguarded more quickly.
Budd said Microsoft isn't seeing any specific pattern to the burst of zero-day attacks. But he said the company is seeing more focus on attackers trying to infiltrate computers through applications — such as Word or PowerPoint — rather than the Windows operating system.
Microsoft software is a constant target of Internet attackers, in part because the company's products are so widely used.
Microsoft has yet to release a patch for one other publicly known flaw — one affecting the Internet Explorer browser that is part of its Windows operating system. Budd said the company was seeing very few attacks as a result of the flaw.