Microsoft today released nine security bulletins and a series of product updates to address the issues in them. Six of the nine include critical vulnerabilities on at least some of the products they cover.

• Critical: MS07-042—Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
• Critical: MS07-043—Vulnerability in OLE Automation Could Allow Remote Code Execution
• Critical: MS07-044—Vulnerability in Microsoft Excel Could Allow Remote Code Execution
• Critical: MS07-045—Cumulative Security Update for Internet Explorer
• Critical: MS07-046—Vulnerability in GDI Could Allow Remote Code Execution
• Important: MS07-047—Vulnerability in Windows Media Player Could Allow Remote Code Execution
• Important: MS07-048—Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution
• Important: MS07-049—Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege
• Critical: MS07-050—Vulnerability in Vector Markup Language Could Allow Remote Code Execution

The only critical vulnerability affecting Windows Vista is MS07-050, the VML bug. This isn't the first set of security updates for VML. Several other non-security updates were released as well, along with a new version of the Malicious Software Removal Tool. Updates may be retrieved directly through the links above, via Windows Update and Microsoft Update or Software Update Services.