Software giant Microsoft today issued updates to plug at least 19 security holes in its various Windows operating systems and other software.

The patches fix dangerous flaws in Windows 2000, XP, Vista, Windows Server 2003 and Windows Server 2008, 15 of which the Redmond, Washington based company described as “critical”.

Microsoft labels a security flaw “critical” if attackers could use it to seize control over a vulnerable system without any help from the victim.

Many of the flaws fixed this month stem from faulty ActiveX controls, tiny programs built to work with Internet Explorer that have full access to the Windows operating system.

A dozen of the flaws earned the highest rating on Microsoft’s “exploitability index,” which is the software maker’s best estimation of the likelihood that criminals will soon develop reliable ways to exploit them to break into Windows-based machines.

Today’s release also fixes four ActiveX flaws that shipped with most supported versions of Microsoft Office, including Office 2000 Web Components, Office XP, and Office 2003, with Microsoft warning that at least one of these Office flaws is actively being exploited online.

The company said none of the vulnerabilities affect Windows 7, its newest operating system, and said users could download the patches from the Windows Update or via the Microsoft Update overview webpage.