Severity Rating: Critical - Revision Note: Bulletin published.Summary: This security update resolves two privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

You Had Me At EHLO… : Update Rollup 6 for Exchange Server 2007 SP1 to be released on February 10th 2009: http://msexchangeteam.com/archive/2009/02/06/450583.aspx “This is a heads up that Update Rollup 6 for Exchange Server 2007 SP1 should be out on Tuesday February 10, 2009. As you can see the rollup release date coincides with the day Microsoft issues security patches.

Severity Rating: Important - Revision Note: V1.7 (January 21, 2009): Listed Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 3a, a component of Application Center 2000 Service Pack 2, as non-affected software.Summary: This security update resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

Severity Rating: Critical - Revision Note: V2.0 (January 21, 2009): Bulletin updated.

Revision Note: Bulletin Summary published.Summary: This bulletin summary lists security bulletins released for January 2009.

Severity Rating: Important - Revision Note: V3.0 (January 13, 2009): Added entry to the Frequently Asked Questions (FAQ) Related to This Security Update section explaining that Microsoft has re-released the update packages for Windows Media Format Runtime 9.5 on Windows XP Service Pack 2 (KB952069) and on Windows XP Service Pack 3 (KB952069). Customers running all other supported and affected versions of Windows Media components who have already applied the original security update packages do not need to take any further action

Severity Rating: Critical - Revision Note: V2.0 (January 13, 2009): Added Microsoft Office Word Viewer to Affected Software table. Also, added an entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update, explaining Microsoft Office Word Viewer. There were no changes to the security update binaries or detection.

Severity Rating: Important - Revision Note: V1.1 (January 13, 2009): Added an entry to the section, Frequently Asked Questions (FAQ) Related to this Security Update, explaining this revision as a detection change for this security update. The corrected detection offers the security update to affected systems that previously were not offered this security update. Customers who have successfully updated their systems do not need to reinstall this update.Summary: This security update resolves a privately reported vulnerability in the Microsoft Ancillary Function Driver.

Severity Rating: Important - Revision Note: Bulletin published.Summary: This security update resolves a privately reported vulnerability. The vulnerability could allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site.

Severity Rating: Critical - Revision Note: V3.0 (December 9, 2008): Added Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1, Microsoft Expression Web and Microsoft Expression Web 2, and Microsoft Office Groove 2007 and Microsoft Office Groove 2007 Service Pack 1 as Affected Software. Also detailed a detection change for Microsoft SQL Server 2005 Service Pack 2 in the “Why was this bulletin revised on December 9, 2008?” entry in the Frequently Asked Questions (FAQ) Related to this Security Update section.Summary: This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content.

Severity Rating: Critical - Revision Note: V2.3 (November 25, 2008): Bulletin updated to correct the filename of wwmasf.dll to wmasf.dll in the file information for Windows Media Format 9.5 Runtime for Windows Server 2003 x64 Edition.Summary: This critical security update resolves a privately reported vulnerability in Windows Media File Format. This vulnerability could allow remote code execution if a user viewed a specially crafted file in Windows Media Format Runtime

Severity Rating: Critical - Revision Note: V1.2 (November 12, 2008): Corrected a registry key verification entry for Internet Explorer 6 for all supported x64-based editions of Windows Server 2003.Summary: This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerabilities could allow information disclosure or remote code execution if a user views a specially crafted Web page using Internet Explorer