One of the fixes is "critical" and addresses at least one vulnerability in XML Core Services when installed on Windows and Office. The affected Windows platforms are 2000, XP, Server 2003, Vista and Server 2008.
The other patch, deemed "important," involves a general Windows issue.
All the bugs being patched could be exploited to execute remote code, the notification said.
Keeping with its monthly custom, Microsoft plans to release an updated Windows Malicious Software Removal Tool and non-security updates on Windows Update, Windows Server Update Services and Microsoft Update.
Microsoft also shipped two patches in November 2007.