The first addresses a publicly disclosed vulnerability in Windows Backup Manager in Vista that is rated as important. Other currently supported operating systems are not affected.
The issue is a specific case of a more general problem raised last August concerning the way applications load external libraries. An insufficiently qualified file path can allow remote code execution.
The second concerns two privately reported vulnerabilities in Microsoft Data Access Components, which is part of all currently supported version of Windows. The issues allow remote code execution and can be exploited with maliciously crafted web pages.
They are considered critical on XP, Vista and Windows 7, and important on Server 2003 and Server 2008 (including Server Core installations).
Microsoft officials are unaware of any proof of concept code or active attacks using these vulnerabilities.
There might be only two security bulletins, but there are more updates and more security-related news from Microsoft - see page 2.
Microsoft also released a 'reliability update' for Windows 7, an updater update for Windows 7 and Server 2008 R2, new junk mail and malicious links filters for Office 2010, and a new version of the Malicious Software Removal Tool.