One of the bulletins bears a “critical” rating, Microsoft’s most severe rating, which mostly indicates a fix for a flaw that would allow an attacker take control of a system without user interaction. The bulletin will be released for Windows Server 2003 and Windows XP.

The other bulletin addresses a spoofing vulnerability. According to Microsoft, a successful exploitation of the flaw would allow an attacker to change the address bar in Internet Explorer so the user would be unaware of the fact that he was visiting a phishing website.

This second bulletin is rated “important” and is only needed by those who run Windows Server 2003.

The two bulletins will become available next Tuesday, on November 13. Microsoft will host a webcast to address customer questions on these bulletins on November 14, 2007, at 11:00 AM Pacific Time (US & Canada)