The lastest warning said that an attacker could place a Java applet on the victim's machine that would allow the attacker to undertake any task the victim was authorised to perform.
"This could, potentially, include adding, changing or deleting data or configuration information," the bulletin warned.
The first warning told users that an attacker could redirect all Web traffic from a machine by placing a Java applet on the victim's computer.
IT added that the attacker would be able to know where a victim was surfing on the Web, what actions the victim took and capture the victim's passwords and other secure information.
According to the bulletin, both vulnerabilities affect only those users who access the Web via proxy servers, which means the problems will affect businesses rather than home users. Both vulnerabilities were rated "critical" by Microsoft.
Microsoft said an update it released on 4 March should deal with both problems.