Each bulletin can have one or more fixes, so the exact number of fixes is unknown, as Microsoft (Quote) does not tip its hand as to the state or nature of the fixes in advance.
The three critical fixes are in Excel, Windows and the .NET Framework. A critical fix is the most severe and frequently involve buffer overflow errors that allow for remote code execution on a compromised system.
That's exactly the situation with these three critical fixes. All allow for remote code execution. Microsoft said patching the Windows and .NET vulnerabilities will require a system restart but the Excel patch will not.