It looks like the 87 CVE’s closed this patch Tuesday was not quite enough. Microsoft has just released two out-of-band patches. While these are both remote code execution bugs, they are not a threat to your machines out of the box.
This patch can impact any windows 10 machine over 1709, but only if you have installed the HEVC codec on your system. It allows a hacker to run code by exploiting how the image is loaded in memory. This would allow them to run code against the machine that was being attacked.
This patch impacts Visual Studio Code. If a hacker could convince a user to clone a bad repository, they would be able to execute malicious code when they opened a corrupted package.json file. This issue was attempted to be patched back in September with CVE-2020-16881. Justin Steven found issues with this patch, and the newer update seems to use his recommendations on how to fix it.
Neither of these is known to be currently exploited in the wild. You will not need to take any action on these to get your systems protected. They will be installed automatically if your system is at risk.