Hopefully January's Patch Tuesday is a sign of things to come for 2014. With only four bulletins, this month's release is the lightest in recent memory. Markedly missing are any bulletins for Internet Explorer and not a single bulletin is rated as "Critical".
Although there are no "Critical" vulnerabilities, all four bulletins are marked as "Important" and Trustwave recommends patches be applied as soon as possible. Two of the vulnerabilities result in a privilege elevation and a third involves remote code execution utilizing an Office document. On their own these vulnerabilities might not be critical, but combined they can be much more serious. If an attacker used a malicious Office document to execute code that takes advantage of the privilege elevation vulnerability, then a phishing email to an unsuspecting user would be all that's necessary. Researcher Ben Hayak, of Trustwave SpiderLabs, has seen this type of combined attack in the wild actually using one of this month's bulletins, MS14-002 (CVE-2013-5065), as part of the attack. Although it uses Adobe Reader instead of Office, the attack vector would be similar. You can read more about Ben's findings here.
So, although this is a light month, patching these vulnerabilities should still be a priority for administrators.