The flaws, which affect Internet Explorer and Windows, could allow attackers to take complete control of an affected system, Microsoft said.
The flaws were disclosed during Microsoft’s monthly security patch update.
The firm also disclosed details of an “important” vulnerability in Windows telephony service, and two “moderate” vulnerabilities in the Windows components, remote desktop protocol and Kerebos.
Chris Andrew, vice-president of PatchLink, a specialist in patching, said every business using Windows servers would need to apply a patch.
“A wide range of system components and software are open to exploit,” he said. "IT professionals are strongly advised to apply the new critical August updates this week.”