Microsoft has issued a warning that two of the upgrades in this month's software patch release fix flaws that are actively being exploited on the web.

The company announced last week that it would release two fixes for Windows and one for Office. All the patches have the company's highest 'critical' security rating.

One of the patched problems is a hole in Microsoft's Java Virtual Machine that allows hackers to take control of a computer. Another affects the Colour Management Module inside Windows.

Both flaws can be exploited by previewing an email, opening an emailed attachment or visiting a webpage containing malicious code.

The third patch concerns a bug in Office 2000 and 2002 that could give a hacker full access to a user's system. 

The two holes in Windows components are actively being used by hackers to take over computers. All current and fully patched versions of Windows XP and Windows 2003 are affected by the flaw.

Customers can use the Microsoft auto update service or visit Windows Update to plug the holes.