The fourth critical bulletin, MS13-099, affects all desktop and server versions of Microsoft Windows, including Windows RT. This vulnerability, in the Windows Script functionality, allows a remote attacker to gain access to a computer through a website that hosts specially crafted content.
The final critical vulnerability for this month, addressed in MS13-098, allows attackers to add their own malware to software being installed on a computer over a network using the Authenticode signing algorithm.
The remaining bulletins, ranked as important, should be applied in the organization's usual patch management schedule, Kandek advised. They cover Windows, SharePoint Server, Office and Microsoft Developer Tools.
For the year, Microsoft covered 330 vulnerabilities with 106 bulletins.
Sign up for CIO Asia eNewsletters.