As part of its monthly security patch cycle, Microsoft has released 10 updates to fix 26 software vulnerabilities, the largest number of flaws patched by the company at one time.
Six of the 10 updates were ranked "critical" by Microsoft, with the rest ranked lower in terms of seriousness. Microsoft had anticipated that it would release a large number of patches yesterday, initially predicting that there would be 11 updates altogether.
The patches include fixes for both Office and Windows, and can be downloaded manually from Microsoft's Web site or installed using Windows Update. A technical problem cropped up for those using Windows' built-in automated download tool, but Microsoft has already fixed that issue.
Quick Fix
Active attacks against the patched vulnerabilities include zero-day exploits against Word and Excel, as noted in a Symantec advisory.
One of the most critical flaws patched is in the Windows Shell, which, on unpatched systems, can be exploited to take complete control of a PC. The flaw has reportedly been used in attacks on PCs carried out through Internet Explorer.
The other critical flaws could also allow an attacker to obtain at least some level of access to a user's system, Microsoft warned.
Office Max
The number of vulnerabilities being patched is not an indication that Microsoft's products are getting more buggy, but rather is a nod toward new research directions, said Thomas Kristensen, chief technology officer at security firm Secunia.
"There has been a particular focus on different Office vulnerabilities," he said. "Not too much research was being done on the application suite in the past, but there has been a lot lately, and that's uncovered a number of fixes that Microsoft has considered."
According to Kristensen, Microsoft has been working on Office patches more seriously since last May, when a critical vulnerability in Word appeared. The number of newly discovered Office vulnerabilities also shows the direction that hackers are taking, Kristensen added. Increasingly, they are focusing their attacks on applications rather than targeting networks.
"The range of these patches is a good thing," Kristensen concluded, "although it's bittersweet, because many of them were discovered because bad people were trying to exploit the vulnerabilities."