It looks like MS is somewhat on top of this one. They're saying "possibly in April" for the patch but my friend near the source says it will be out of cycle and as soon as it's ready.
Our local Linux Users Group, besides a fair amount of snickering at MS over this, demonstrated exploit proof of concept code for both vulnerabilities, yesterday. I wasn't there, but a friend gave me a copy. It's nasty stuff, though NOD32 flagged both samples as suspicious, as did several other AV programs.
Beware, or get Opera or Firefox until IE is tightened up again.