Microsoft has released a series of seven patches in what is scheduled to be the final security update of 2007.

The monthly release includes three patches that address vulnerabilities rated by the company as 'critical', while the other three carry a maximum security rating of 'important'.

Among the three critical patches was a cumulative update for Internet Explorer. The patch fixes four vulnerabilities in the browser. Three of the flaws could allow an attacker to place fraudulent information in the browser's address bar, while a fourth vulnerability could allow an attacker to remotely execute malicious code.

The other critical patches include a fix for DirectX, the graphics software used by Windows. That update includes fixes for two vulnerabilities that could allow an attacker to remotely execute code on a target system.

A critical flaw in the way Windows handles Windows Media files was also addressed. If exploited, the flaw could be used by an attacker to execute code.

The four important fixes issued in the update included flaws within the Windows Vista kernel and SMB components, the Windows XP and Windows 2000 Message Queuing component, and the Windows XP and 2003 Macrovision driver.

The patches fixed vulnerabilities ranging from remote code execution to the escalation of privileges.

McAfee research and communications director Dave Marcus said that the Internet Explorer and Windows Media patches were among the most interesting this month.

"Today's Microsoft patches emphasise the need for proactive browser protection and the risk of surfing the web unprotected,” said Marcus.

"The vulnerability in the Windows Media File Format is another warning that media files potentially aren't safe and people should use caution when opening media files.”