Severity Rating: Critical - Revision Note: V1.1 (February 16, 2009): Added a link to Microsoft Knowledge Base Article 961260 under Known Issues in the Executive Summary.Summary: This security update resolves two privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.

Severity Rating: Critical - Revision Note: V1.2 (February 11, 2009): Clarified the class IDs for two ActiveX controls. First, listed a second class ID in the workaround, “Prevent Windows Common AVI ActiveX Control from running in Internet Explorer,” for CVE-2008-4255

Revision Note: Bulletin Summary published.Summary: This bulletin summary lists security bulletins released for February 2009.

Severity Rating: Important - Revision Note: Bulletin published.Summary: This security update resolves three privately reported vulnerabilities in Microsoft Office Visio that could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights

Severity Rating: Important - Revision Note: Bulletin published.Summary: This security update resolves a privately reported vulnerability in Microsoft SQL Server.

Severity Rating: Critical - Revision Note: V2.0 (January 28, 2009): Added a footnote to the Affected Software table and two entries to the section, Frequently Asked Questions (FAQ) Related to this Security Update, pertaining to security updates KB958437 and KB958439 for supported versions of Microsoft Office Excel 2007.

Severity Rating: Important - Revision Note: V1.7 (January 21, 2009): Listed Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 3a, a component of Application Center 2000 Service Pack 2, as non-affected software.Summary: This security update resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

Revision Note: Bulletin Summary published.Summary: This bulletin summary lists security bulletins released for January 2009.

Revision Note: Advisory publishedSummary: Microsoft is aware that research was published at a security conference proving a successful attack against X.509 digital certificates signed using the MD5 hashing algorithm. This attack method would allow an attacker to generate additional digital certificates with different content that have the same digital signature as an original certificate. The MD5 algorithm had previously shown a vulnerability, but a practical attack had not yet been demonstrated.

Revision Note: December 30, 2008: Changed the CVE Reference in the Overview section to CVE-2008-5416.Summary: Microsoft is investigating new public reports of a vulnerability that could allow remote code execution on systems with supported editions of Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon). Systems with Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008 are not affected by this issue.

Severity Rating: Critical - Revision Note: V1.1 (December 18, 2008): Added unaffected server core notation for Windows Server 2008 for 32-bit Systems and Windows Server 2008 for x64-based Systems.

Severity Rating: Critical - Revision Note: V1.2 (December 17, 2008): Added log file entries in the Security Update Deployment section Reference table for Microsoft XML Core Services 6.0 when installed on Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition, and Windows Server 2003 x64 Edition Service Pack 2.Summary: This security update resolves several vulnerabilities in Microsoft XML Core Services. The most severe vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer.