Microsoft warned Windows users yesterday of two new "critical"-rated security flaws in its software that could allow attackers to take control of a computer and delete or copy information. The world's largest software maker issued patches to fix the problems as part of its monthly security bulletin, which affects the Windows operating system and the Internet Explorer Web browser.

Computer security experts urged users to download and install the patches, available at www.microsoft.com/security.

"It is very critical that users patch machines for these vulnerabilities," said Jimmy Kuo, a researcher at McAfee's virus detection centre.

A hacker could exploit one of the security flaws if a user directed the Web browser to a specially designed Web page, Redmond, Washington-based Microsoft said.

Microsoft also issued one other security warning, rated at the second-highest level of "important".

Microsoft has been working for the last three years to improve the security and reliability of its software under its Trustworthy Computing initiative, as more and more malicious software targets weaknesses in Windows and other Microsoft software.

Also on Tuesday, Microsoft began offering downloads of a software tool to remove viruses and other malicious software from computers.

Microsoft last week began offering anti-spyware program downloads for Windows users to block programs that generate unwanted pop-up ads and secretly record a computer user's activities.

Both programs are part of an effort by the company to offer its own computer and Internet security software as it prepares a security subscription service code-named "A1" to provide regular updates for security software and services.

Shares in McAfee and Symantec, the two largest computer security software vendors, fell sharply after Microsoft announced it would release its own anti-spyware software. Since then, McAfee is down 7.5% and Symantec is off more than 6%.