Two new critical MS vulnerabilities released in early January the IE flaw (buffer overflow in the XML parser) is particularly nasty. This is a client side bug which can be triggered by clicking a malicious link from anywhere including emails...
This bug is rated "Extremely Critical", easiest workaround is to use Firefox for browsing until patched.
The MS-SQL white has potential currently only allows privilege escalation and no remote code execution.
Sentinel IPS has signatures to protect against both.
Expoit Code Release for IE XML vuln:
As always patch, patch, patch!