In its security bulletin summary for October 2008 Microsoft has published four updates for new critical vulnerabilities in its operating systems / applications, as well as six important.

Critical is Microsoft’s highest vulnerability rating.

A summary describing briefly the vulnerabilities is available from Microsoft’s Security Bulletin Summary for October 2008.
From this page you will also find links to more detailed information in Microsoft's Security Bulletins MS08-052 - MS08-055.

The critical updates address the following issues:

• One privately reported vulnerability in the implementation of Active Directory on Windows 2000 Server configured to be domain controllers.
• Five privately reported and one publicly disclosed vulnerabilities in Internet Explorer.
• One privately reported vulnerability in  Host Integration Server RPC Service
• Three privately reported vulnerabilities in Microsoft Excel.

Updates that fix the vulnerabilities are available from Windows automatic update mechanism for systems that support this. Alternatively, one may download updates from http://windowsupdate.microsoft.com.  

Norman advices all affected users to download the security updates as soon as possible, to be protected from potential exploits.