Microsoft has patched 17 security flaws in its monthly update for February.

The 'Patch Tuesday' release contains 11 bulletins for Windows, Office and Internet Explorer, six of which address vulnerabilities rated by Microsoft as 'critical'.

Three browser vulnerabilities could be exploited to allow an attacker to remotely execute code in either IE6 or IE7. A fourth flaw was rated 'critical' for IE6 but given a less severe 'important' rating for IE7.

Microsoft also patched critical vulnerabilities in the WebDAV component of Windows XP and Vista, along with critical flaws in Word for both Windows and Mac.

McAfee researcher Craig Schmugar told vnunet.com that the flaws covered by the monthly update highlight the perils of web-based attacks.

"Today's patches underline the need to be aware when opening files, and the risk of surfing the web unprotected," he said.

"Many of the vulnerabilities could be exploited if a Windows user simply opens a file or visits a malicious or compromised website. These are favourite attack methods among cyber-criminals."

Microsoft noted that none of the February security bulletins affects its two newest releases, Windows Vista SP1 and Windows Server 2008.