SANS ISC has a good overview of all the patches: October Black Tuesday.
I'm going to mention Internet Explorer specifically since there are at least four vulnerabilities that could be used in code execution attacks if a user simply surfs to a maliciously Web page. Some vulnerabilities have been publicly known since February 22nd 2007.
The cumulative IE patch (MS07-057), was released as part of this month’s Patch Tuesday updates. It has a critical rating on all versions except for IE 7 on Windows Server 2007. Internet Explorer 7 on Windows Vista is affected.