Microsoft has issued four "critical" security updates for its Internet Explorer browser and the Exchange Server e-mail platform.
The critical updates, part of Redmond's monthly security update, are designed to stop hackers remotely taking control of users' systems.
Microsoft Security Bulletin MS09-002 plugs two holes in Internet Explorer, and Security Bulletin MS09-003 fixes the two threats to Exchange Server.
In addition, Security Bulletin MS09-004 fixes an "important" remote code execution vulnerability in SQL Server.
Also, Security Bulletin MS09-005 tackles three important vulnerabilities in Microsoft Office.
Read more on IT risk management
Microsoft has issued six security bulletins for December, bringing the total for 2009 to 74, compared with 77 in 2008, 69 in 2007 and 78 in 2006.