The latest release of news bulletins have been released from Microsoft for April 2015 and ten out of eleven are related to vulnerabilities with the windows OS. Three of these could allow remote code execution, in this the limitation of how destructive it can be is what privileges the compromised account has.
Another such issue effects the users of Internet explorer where if used to view a specifically crafted website that targets the issue regarding IE’s vulnerability then the attacker could gain remote access with the only interaction with the client is them accessing a website. The fear here is that little action is required on the victims side and all they need to do is click a link to be compromised, again the damage caused by this is limited to privileges of the compromised account.
These stand as another reminder to make sure that all critical and security based updates have been deployed to user’s computer and servers.
Summary of all of the security bulletins is available here: https://technet.microsoft.com/library/security/ms15-apr