The majority of the fixes are for Internet Explorer: the company's browser receives 41 patches to fix memory vulnerabilities. The other two critical updates include a patch for a vulnerability in the Windows kernel-mode driver and a fix for a bug in the Group Policy components of Active Directory that went undetected for 15 years.
This Group Policy vulnerability allows attackers to perform man-in-the-middle attacks. It took Microsoft roughly a year to fix the issue because it was rooted deep in the structure of Active Directory. Microsoft also notes that Windows Server 2003 will not receive an update for this vulnerability, as a patch is deemed "too disruptive", especially given that the company will stop supporting this old OS shortly.
The other six bulletins involve flaws in the Windows operating system, the Microsoft Graphics Component, Virtual Machine Manager and Office. The Office patch fixes an issue that allows an attacker to infect your PC merely by tricking you into opening a document, such as an e-mail, with malicious code embedded inside.