Each bulletin can have one or more fixes, so the exact number of fixes is unknown, as Microsoft (Quote) does not tip its hand as to the state or nature of the fixes in advance.
The three critical fixes are in Excel, Windows and the .NET Framework. A critical fix is the most severe and frequently involve buffer overflow errors that allow for remote code execution on a compromised system.
That's exactly the situation with these three critical fixes. All allow for remote code execution. Microsoft said patching the Windows and .NET vulnerabilities will require a system restart but the Excel patch will not.
Microsoft has also identified two remote code execution errors it has labeled as Important fixes. While not as severe as Critical, it still means data might be compromised or stolen. The vulnerabilities are in Office and Windows XP. The Windows patch will require a restart.