As we announced, today Microsoft released two new patches for January 2008. The critical patch resolves two vulnerabilities reported by IBM ISS X-Force. The vulnerability, which involved TCP/IP processing, was critical for XP and Vista, important for Windows Server 2003 and moderate for Windows 2000. And second patch covers a vulnerability that allows an attacker to run “arbitrary code with elevated privileges”. The update is marked as important for Windows 2000, XP and Server 2003.
For more details on these updates, read Microsoft’s Security Bulletin.