Microsoft expects to release five patches on Tuesday as part of its monthly security update.
One of the patches is rated "critical," and it addresses vulnerabilities in all supported versions of Internet Explorer. Security experts consider this fix to be the most pressing to deploy.
"This one would make it easy to remotely gain access to someone's machine via a malicious web page," said Ken Pickering, development manager of security intelligence at CORE Security, in prepared comments.
The other four patches drew "important" designations and address less-serious weaknesses in Windows and Office.
It's unclear if one of these four repairs the kernel privilege escalation vulnerability discovered by Google researcher Tavis Ormandy. Microsoft has said it is investigating the report of the bug, for which Ormandy wrote a working exploit, but so far hasn't acknowledged it as an issue.