In its security bulletin summary for April 2008 Microsoft has published five updates for new critical vulnerabilities in its operating systems / applications, as well as three important.

Critical is Microsoft’s highest vulnerability rating.

A summary describing briefly the vulnerabilities is available from Microsoft’s Security Bulletin Summary for April 2008.
From this page you will also find links to more detailed information in Microsoft's Security Bulletins MS08-018 and MS08-021-024.

The critical updates address the following issues:

• One privately reported vulnerability in Microsoft Project
• Two privately reported vulnerabilities in GDI
• One privately reported vulnerability in VBScript and JScript scripting engine in Windows
• Security update of ActiveX Kill Bits (privately reported vulnerability for a Microsoft product)
• One privately reported vulnerability in Microsoft Internet Explorer

Updates that fixes the vulnerabilities are available from Windows automatic update mechanism for systems that support this. Alternatively, one may download updates from http://windowsupdate.microsoft.com.  

Norman advices all affected users to download the security updates as soon as possible, to be protected from potential exploits.