Windows users are being warned about a bug that lets attackers take over a PC via the Internet Explorer browser.
Both IE and Firefox are vulnerable to the bugs
The bug made possible webpages that can compromise a PC without a user spotting the attack, Microsoft warned.
Code to exploit the bug was circulating online which led Microsoft to label the bug "critical" and said users should apply a patch immediately.
At the same time a similar bug was found to be affecting earlier versions of the rival Firefox web browser.
Microsoft released patches for three other browser bugs and all the warnings came as part of the software company's regular monthly security updates.
The critical bug in Internet Explorer arises because of the way it works with other programs across computer networks.
If properly exploited the bug would allow an attacker to download a program onto a victim's PC and take remote control of that machine.
Security firm Symantec said it had seen the loophole being exploited online.
In the same MS05-054 security update, Microsoft released software that closes three other loopholes in the Internet Explorer browser.
One of these bugs is also considered "critical" but Microsoft said there was no evidence that code to exploit it was available online.
One of the other fixes that Microsoft supplied in this month's update tackles some of the issues raised by music maker Sony BMG's troubles over its copy control programs.
These were found to leave machines vulnerable to several different exploits, but the update makes it impossible for the insecure versions of the Sony BMG software to run.
Windows users were urged to download and apply all the patches immediately.
As Microsoft was issuing warnings about the critical bug in its browser, the makers of the popular rival browser Firefox were releasing details of a similar problem with its program.
The bug found in the Firefox browser would also allow attackers to download code via well-crafted websites that hands control over to them.
Patching the bug became more urgent as a hacker posted computer code to exploit the bug to a website over the weekend.
Firefox owner and maintainer Mozilla said the loophole was closed in recent updates to its browser but urged all users to ensure that they had this patch applied or to upgrade to the new version of the Firefox browser.