Microsoft today issued four updates to fix at least six security flaws in its Windows operating system and Office software. The bundle includes a patch for a critical flaw that hackers already are exploiting to break into vulnerable Windows systems.

The latest updates are available through Microsoft/Windows Update, or via Automatic Updates.

Four of the vulnerabilities fixed in today's roundup earned Microsoft's most dire "critical" label, which means hackers could use them to break into Windows systems with little or no help from the user, save from convincing the user into clicking on a link or opening a file or e-mail.

Among the most serious of the critical updates is a fix for a known flaw in Microsoft's Jet Database Engine, a component built into Windows 2000, Windows XP and Windows Server 2003 that provides data access to applications such as Microsoft Access, Microsoft Visual Basic, and many third party applications. Instructions showing attackers how to exploit this flaw have been available online since November 2007, and Microsoft has acknowledged that cyber crooks are actively attacking this vulnerability, which can be exploited by convincing people to open malicious database files (those ending in ".mdb").

The other three critical vulnerabilities reside in Microsoft Office applications and affect nearly every version of Office, including Office 2007. One of the updates even affects Office applications such as Word Viewer 2003 and Office 2004/2008 for Mac.

People who still run Microsoft Office 2000 will not be able to get the Office updates through Microsoft/Windows Update or through Automatic Updates. Office 2000 users will need to pay a special visit to the Office Update page and let the site scan for missing updates. Depending on which installation option chosen, Office 2000 users may need to have the original Office installation disk handy.

Finally, if you run Windows XP and have not already installed Service Pack 3, Microsoft is apt to offer it to you if you scan for updates or switch on Automatic Updates. Given the large number of people who have reported problems after installing Service Pack 3 - and the tiny benefit users receive from installing the potentially destabilizing update - I'd urge XP users to avoid the service pack for now. Hopefully, over the next few days I can compile a list of the most common sources of SP3 installation problems.

For those who want to go ahead anyway, or for those who have already installed SP3 and are experiencing problems, check out these two links. The first describes a common reboot loop problem experienced by many users who install SP3 on a Windows XP system powered by an AMD processor. The second is a massively long Microsoft support thread that essentially reminds people that Microsoft provides free online (chat and e-mail) and telephone based support for people having trouble installing Service Pack 3. The toll-free support phone number is (866) 234-6020.