Published: 2006-01-11
Microsoft released patches for two critical flaws on Tuesday, two days after security researchers found two more vulnerabilities in the Windows Meta File (WMF) format.
The patches follow last week's emergency patch for a severe vulnerability in the WMF format, bringing the software giant's total to three for January. The two fixes released on Tuesday close security holes in Windows' handling of Web fonts and in how the Microsoft Outlook e-mail client and Exchange server handle attachments using the Transport Neutral Encapsulation Format (TNEF).
The patches came two days after researchers found additional flaws in the Windows Meta File (WMF) format. The vulnerabilities, which could cause a denial-of-service condition, occur in how Microsoft Windows' WMF graphics rendering engine processes the ExtCreateRegion and ExtEscape functions.
"As it turns out, these crashes are not exploitable but are instead Windows performance issues that could cause some WMF applications to unexpectedly exit," a representative of the Microsoft Security Response Center said in a blog post. "These issues do not allow an attacker to run code or crash the operating system."
While no evidence exists that the bugs allow code execution, Microsoft has mistakenly identified previous flaws as denial-of-service issues, only to find that they had more serious implications. In December, the software giant fixed a flaw in Internet Explorer that had been flagged in May as a "crash bug."
CORRECTION: The article identified the wrong Microsoft flaw as one that had previously been classified as a "crash bug." The recent flaw fixed within Internet Explorer in December had, in May, originally been flagged as a "crash bug."
Posted by: Robert Lemos
