Microsoft doles out two patches for four flaws
As part of its monthly security update on Tuesday, Microsoft delivered fixes for four vulnerabilities, three of them labeled critical.
The critical patch corrects three flaws in XML Core Services, which attackers could exploit to execute remote code by tricking a user into visiting a specially crafted web page or clicking on a malicious link.
In a statement, Symantec Security Response Vice President Alfred Huger said, “Proof-of-concept code had been written to take advantage of one of the vulnerabilities, which has been known since January 2007.”
He added, “The XML code to exploit this is somewhat complex to set up, but it only takes one little click from a user to be effective.”
“These critical vulnerabilities should be taken seriously because most Windows machines have XML Core Services installed,” said Amol Sarwate, manager of vulnerability labs at Qualys.
He added, “That library is used by Microsoft Office, by SharePoint, by Internet Explorer and almost all of the programs used by Microsoft to process XML documents.”
Microsoft's November bulletin summary further clarifies, “The update also addresses an important bug in the Server Message Block (SMB) protocol, which provides shared access to files. The hole could be taken advantage of to install malicious programs; view, change or delete data or create user accounts with privileged access.”