Microsoft has patched 19 critical security issues in its regular round of security updates for July 2017.
The patch bundle addresses 54 issues in total, several of which allow for remote code execution.
No fewer than 12 critical memory corruption vulnerabilties in the Windows Scripting Engine component for Microsoft's web browsers are taken care of with the latest set of patches.
The Zero Day Initiative project said several of the patches were discovered as part of its bug hunting program.
One of the more oblique vulnerabilities patched today involves Microsoft's augmented reality device, the HoloLens.
A memory corruption flaw in the HoloLens software can be exploited by sending specially crafted wi-fi packets to fully compromise the device. No authentication is needed.
"On its own, that’s something to really delve into, but more than that, we now live in a world where Microsoft releases security patches for augmented reality headsets," ZDI wrote.
There is no known in the wild exploit for the HoloLens RCE, and the device is not in wide use.