Microsoft released two security updates for November, rating one of them as critical. Here's a brief description of each update; for more information, go to
http://www.microsoft.com/technet/security/bulletin/ms07-nov.mspx
MS07-061: Vulnerability in Windows URI Handling Could Allow Remote Code Execution
The attack vector for this exploit is a specially crafted Uniform Resource Identifier (URI) which could be located in an application or an attachment. If unpatched, the vulnerability could allow the execution of unauthorized code on the target computer.
Applies to: Windows XP and Windows Server 2003. Does not apply to Windows Vista or Windows 2000 SP4.
Recommendation: The vulnerability has been publicly disclosed. You should perform accelerated testing and deployment of this update.
MS07-062: Vulnerability in DNS Could Allow Spoofing
The attack vector for this exploit is specially crafted responses to DNS requests, which could be used to redirect Internet traffic from legitimate locations.
Applies to: Windows 2000 Server and Windows Server 2003. Does not apply to client software such as Windows Vista or Windows XP
Recommendation: Microsoft rates this update as important. If you deploy an Internet-facing DNS server, you should perform accelerated testing and deployment. If you deploy DNS only on an internal network, you should test and patch as part of your normal patch management cycle.
