Microsoft has made available patches for three flaws in Windows.

This is the first patch update of the year.

One of the flaws that this will fix was given Microsoft highest severity ranking as "critical" and addresses a Windows transmission control protocol/internet protocol (TCP/IP) vulnerability that could allow a remote code execution, which Microsoft says could give an attacker complete control of the system with no user intervention.

This patch - MS08-001 - addresses the two bugs affecting three Windows TCP/IP protocols: the internet group management protocol (IGMP) and multicast listener discovery (MLD) are used to handle IP multicasting, and the internet control message protocol (ICMP), used for network connectivity and routing.

The second update, MS08-002, patches "an elevation of privilege flaw", which would allow an attack just using local access to Windows 2000, XP and Server 2003.

In an interview with IT Pro, security firm Qualys advised that an attacker who successfully exploited this vulnerability could gain complete control over the affected system; install programs; view, change, or delete data; or create new accounts with full administrative rights.

The patch also included seven non-security related, high-priority updates via Microsoft Update and Windows Server Update Services (WSUS).

There was also the release of an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, WSUS and the Download Centre.