This year's contest offers a grand prize of $150,000 that requires researchers to deal with Microsoft's EMET anti-exploit toolkit.
Three of the four updates for Windows on Patch Tuesday will affect Windows XP, which is scheduled for retirement in April.
Security analysts advise applying critical Oracle and Adobe patches before those from Microsoft.
Subscribers to organizations that sell exploits for flaws not yet known to software developers learn early about vulnerabilities in popular programs, a study says.
Microsoft issued five critical security bulletins in December's round of Patch Tuesday.
Microsoft wraps up the year's Patch Tuesday bulletins next week with 11 more fixes, pushing this year's total to 106, up from 83 in 2012.
Attackers are exploiting security holes found in older versions of Office and Windows, plus current versions of Lync. A fix is available, however.
The security researcher who was awarded $100,000 by Microsoft said he spent about two weeks pondering, then demonstrating a new way to circumvent Windows' defensive technologies.
Microsoft released eight security bulletins for the October Patch Tuesday, and one fixes two flaws in IE already being exploited in the wild.
Security experts identified the Internet Explorer browser update as the one to deploy first.