Microsoft has released patches for six flaws in Windows and Internet Explorer
as part of its regular monthly security update. The patches are available
here.
Three are rated as 'critical' weaknesses that could allow hackers to gain
control of computers. The critical bugs concern the Windows Plug-and-Play
system, Print Spooler software and the IE browser's image rendering software.
Less serious weaknesses are highlighted in Windows Telephony Service and
Remote Desktop Protocol, and in the Windows implementation of the Kerberos
authentication protocol.
Marc Maiffret, co-founder and chief hacking officer at eEye Digital Security,
said that users urgently need a patch for the Windows Plug-and-Play system,
claiming that hackers are likely to publish an exploit in the next 48 hours that
will lead to widespread attempts to attack computers. The problem is most
serious on Windows 2000 systems.
"To avoid remote exploitation, organisations of all sizes should address
these particular vulnerabilities immediately," he said.
"The window to remediate is diminishing as hackers become more sophisticated
in their ability to exploit vulnerabilities such as these."
Microsoft said that Windows Server 2003 and Windows XP systems with major
security updates are less vulnerable, but could still be affected by certain
remote users or those within local systems.
Stephen Toulouse, a programme manager at Microsoft's Security Response Center,
claimed that newer operating systems were less vulnerable to the flaws, and
that security practices have improved since the last major worm attacks were
unleashed.
Security firm Symantec said that the IE patch concerns the way the browser
renders JPEG images and could be used to take over a computer via malicious
web pages, email or instant messaging.
Oliver Friedrichs, senior manager at Symantec Security Response, said:
"Microsoft's latest release continues the trend of
client-side vulnerabilities. The potential for graphical image-based exploits is
especially concerning as it affects multiple applications and requires no user
interaction.
"We recommend applying the updates as soon as possible and to be aware of
phishing schemes that attempt to lure users to malicious sites."
Chris Andrews, vice president of product management at security services firm
PatchLink, added: "The print spooler flaw means that every business using
Windows servers will have at
least one system that needs this patch. Getting the necessary patches applied is
the only solution."