A new version of the Microsoft VM is available, which includes all previously released fixes for the VM, as well as fixes for 8 newly reported security issues. The attack vectors for all of the new issues would likely be the same. An attacker would create a web page that, when opened, exploits the desired vulnerability, and either host it on a web page or send it to a user as an HTML mail.
Versions of the Microsoft virtual machine (Microsoft VM) are identified by build numbers, which can be determined using the JVIEW tool as discussed in the FAQ. All builds of the Microsoft VM up to & including build 5.0.3805 are affected by these vulnerabilities.
The patch is available to update existing Microsoft VMs via the Windows Update web site.