Microsoft released three security bulletins yesterday, one 'critical' and two 'important', which between them cover all Windows platforms.
The 'critical' flaw, which affects almost all versions of Windows, consists of a buffer overrun in the Windows HTML Converter which could allow an attacker to execute code of their choice.
The second vulnerability , classed as 'important', is also a buffer overrun that could lead to data corruption and allow an attacker to execute code of their choice. This vulnerability affects XP, 2000 and NT.
The third vulnerability , classed as 'important' and only affecting Windows 2000, allows a local user to elevate their privileges by exploiting the Accessibility options for disabled users.
Source : http://www.vnunet.com/News/1142200