The two critical updates include:
MS11-057 (Internet Explorer). This security update resolves five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. Microsoft is not aware of any attacks leveraging the vulnerabilities.
MS11-058 (DNS Server). This security update resolves two privately reported vulnerabilities in Windows DNS server. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a specially crafted Naming Authority Pointer (NAPTR) query to a DNS server. Servers that do not have the DNS role enabled are not at risk.
“Top priority should be given to a ‘critical’ bulletin that affects Internet Explorer 6 through 9 on Windows 7, XP, Vista, 2003 and 2008,” said Qualys Chief Technology Officer Wolfgang Kandek. “If left unpatched, attackers could use this vulnerability to remotely take control of victims’ systems.”