This story was printed from ZDNet Australia.
Two flaws embitter Microsoft's Java

By Robert Lemos, ZDNet US
September 19, 2002
URL: http://www.zdnet.com.au/news/security/soa/Two-flaws-embitter-Microsoft-s-Java/0,130061744,120268374,00.htm


Microsoft has released an advisory warning all users of its Windows operating system of two new critical flaws that could allow a malicious attacker to take control of a victim's PC.

The critical flaws occur in the software giant's implementation of the Java Virtual Machine, which allows platform-independent programs to run on a PC.

"(The flaws) could enable an attacker to gain complete control over a user's system," stated the advisory. "This would enable the attacker to perform any operation that the user could, such as running applications; communicating with web sites; (and) adding, deleting or changing data."

An attacker could exploit the flaws by getting the victim to view a certain Web site with the code embedded in the page. HTML e-mail could also be a danger, unless the recipient uses Outlook 2002, Outlook Express 6.0 or has installed the Outlook E-mail Security Update. Finally, those who used the Internet Explorer security settings to disable Java applets won't be affected by the vulnerabilities.

The first vulnerability is caused by a lack of vigilance in certain Java classes that handle database requests. While the classes do attempt to block illegal requests, the security measures can be bypassed, the advisory states.

A second flaw occurs in a Java class that's provided to support the use of XML via Java, but allows all programs--not just a select few--to use the methods.

Microsoft has a patch posted on its site and linked from the advisory. Windows users can also get the patch through Windows Update.

