The first is specific to Vista and is rated important. The second affects all currently supported versions of Windows and is rated critical (important on Server 2003 and 2008).
Microsoft is also planning to release three non-security updates on January's Patch Tuesday: one for Windows 7 and Server 2008 R2 that will "enable future updates to install successfully"; a Windows 7 update providing performance and functionality improvements for graphics, Media Foundation and XPS; and new controls on the loading of external libraries.
"This month we will not be releasing updates to address Security Advisory 2490606 (public vulnerability affecting Windows Graphics Rendering Engine) and Security Advisory 2488013 (public vulnerability affecting Internet Explorer)," announced Carlene Chmaj, senior response communications manager in Microsoft's trustworthy computing operation.
Ms Chmaj noted that the company was aware of targeted attacks using these vulnerabilities and drew attention to the mitigations suggested in the advisories (graphics rendering, Internet Explorer).
As usual, a new version of the Windows Malicious Software Removal Tool will be released. Patch Tuesday usually sees the release of an update for the Windows Mail junk e-mail filter.