All of the critical updates target flaw that would allow an attacker to remotely execute malicious code on the user’s OS and thus compromise it. Two of the updates address components found in the entire Windows line, including DirectX, DirectShow and Windows Media Format Runtime, while the third one fixes holes in the Internet Explorer 6 and 7.
As for the “important” updates pack, two of the also fix issues related to remote code execution. Out of the remaining two, one patches up a flaw that would allow elevation of privilege and the other has “no more local elevation of privilege” written all over it.
Still, nothing more has come from Microsoft. The company is very cryptic in its advisory and chances are that the actual locations of the flaws won’t be disclosed in the near future either.
The seven updates will be released on December 11.