This month's bumper release of security patches has one bulletin that affects every supported version of Windows.
Microsoft said on its regularly scheduled Patch Tuesday that users on Windows Vista and later -- including Windows 10 -- should patch as soon as possible to prevent attackers from exploiting a flaw in how the operating system handles media files.
The "critical" bulletin (MS16-027) patches an issue that could allow an attacker to remotely execute code or malware as the logged-in user.
Those who are logged in as an administrator are at the greatest risk.
An attacker would have to trick a user into opening a specially-crafted media file, which would let the attacker take control of the entire system.
The good news is that Microsoft said the flaw was privately reported and is not thought to have been actively exploited in the wild by malicious actors.
The other two bulletins include:
MS16-026 addresses a series of flaws in how Windows handles certain fonts. If an attacker either tricks a user to open a specially crafted document, or to visit a website that contains specially crafted embedded OpenType fonts, which could lead to a denial of service attack.
MS16-028 fixes a number of vulnerabilities that would allow an attacker to take control of an an affected system. The patch addresses the flaws by modifying how Windows handles PDF files.
Neither flaws are thought to have been exploited in the wild.
March patches will be available through the usual update channels.