Microsoft's monthly Patch Wednesday bundle of fixes sees a total of 25 critical vulnerabilities in several products taken care of, including the first fix for a security flaw in the Windows Subsystem for Linux (WSL).
Attackers who are logged in locally could abuse the bug in how WSL handles named pipes interprocess communications, and execute code with full administrator privileges.
Microsoft said the privilege escalation vulnerability (CVE-2017-8622), which affects Windows 10 version 1703 64-bit, is unlikely to be exploited.
The Windows Subsystem for Linux appeared last year. It is the result of a collaboration between Microsoft and Canonical, which develops Ubuntu, and allows users to run Linux binary executables on Windows 10.
Memory corruption issues continue to plague Microsoft's scripting engine for Windows used by Internet Explorer and the Edge web browsers, with 17 bugs that allow remote code execution being squashed this month.
Such vulnerabilities could be exploited through web pages that contain malicious Javascript that triggers the flaws in the scripting engine.
This month's fixes for critical vulnerabilities also handle remote code execution flaws in the Microsoft JET database engine, and the Windows Search, input method editor, and PDF document components.
Patches are also available for Microsoft's Remote Desktop Protocol, Sharepoint collaboration tool, SQL Server database and other software including the built-in Adobe Flash Player in the Edge and Internet Explorer web browsers.
