Among the critical vulnerabilities being fixed is a zero-day flaw in Windows Help and Support Center that was disclosed last month by a Google researcher and has been the target of attacks on Windows XP and Server 2003 in recent weeks. A second critical update covers another zero-day flaw, this time in the AERO display driver component of Windows 7 and Windows Server 2008 R2. The vulnerability was disclosed publicly as early as May.
The remaining two bulletins, one ranked critical and the other important, address issues in all currently supported versions of Microsoft Office except for the newly released 2010 edition. All of the vulnerabilities being addressed pose the risk of allowing remote execution of malicious code on users' machines. More details will come with the release of the patches next week; in the meantime, Microsoft has published an advance notification.