Five of the vulnerabilities are designated critical and should be patched as soon as possible. Affected software includes Internet Explorer, Office and Windows.
The update includes patches for three zero-day vulnerabilities related to Internet Explorer Cascading Style Sheets (CSS), Windows thumbnail images and an IIS FTP flaw that could allow remote code execution.
But the zero-day patches come as HP/TippingPoint's Zero Day Initiative (ZDI) discloses five new ones. Four of these affect Excel and one affects PowerPoint.
These vulnerabilities were made public before the patches were actually available because the advisory had been in the vendor's hand for longer than 180 days, said Wolfgang Kandek, chief technology officer at security firm Qualys.
The vulnerability broker has opened a total of 22 zero-day vulnerabilities. There is one each for EMC, Novell, CA, SCO; eight for IBM in Domino and Lotus Notes; and four for ZDI's parent company, HP.
"We will be watching to see how quickly the vendors, including CA, EMC, HP and IBM, will react," said Kandek in a blog post.