The patches include one that was pulled at the last minute in September because officials deemed it not ready to be installed on user systems.
The security bulletin, a critical fix to Internet Explorer (IE), involves a problem in the browser's DDS Library Shape Control (msdds.dll) library and other COM objects.
If a user logged on as the administrator and falls for the attack by inadvertently downloading and installing the malware, that would give the attacker full rights to the compromised system. The attacker could then add, delete and change all files on the computer.
This month's security update included two other critical security bulletins. Both, if exploited, would give the malware writer complete control of the end user's system and allow them to modify and delete files on the computer.