The second critical bulletin, labeled , concerns four issues with IE that aren't known to be under "active attack." If successfully exploited, a malicious hacker could execute code on the affected machine with the privileges of the current user. As with the previous hole, users would need to visit a malicious Web page to fall victim to the attack. This vulnerability is rated critical for IE 6, IE 7, IE 8 and IE 9 on Windows clients and moderate for those same IE versions on Windows servers.

The third critical bulletin, labeled , involves three holes in Windows Networking Components related to the Remote Administration Protocol (RAP) and one issue affecting the Print Spooler. The vulnerabilities could allow malicious hackers to launch denial-of-service attacks and execute code remotely on the affected machine, among other scenarios. Microsoft hasn't received reports that these holes have been exploited.

The issue is critical for all supported editions of Windows XP and Windows Server 2003; important for all supported editions of Windows Vista; and moderate for all supported editions of Windows Server 2008, Windows 7 and Windows 2008 R2.

A fourth critical vulnerability, , affects the Windows Remote Desktop Protocol and can be exploited by attackers who send a sequence of "specially crafted" RDP packets to an affected system. RDP isn't turned on by default on any Windows OS. This hole is rated critical for all supported editions of Windows XP.

A fifth critical vulnerability, , relates to Exchange Server's WebReady Document Viewing feature. The exploit could allow execution of remote code on the affected system. Users would need to preview a malicious file using Outlook Web App. This is rated critical for all supported editions of Microsoft Exchange Server 2007 and Microsoft Exchange Server 2010.