Welcome to January 2008. Amongst all the CES coverage we’ve been doing we failed to notice yesterday, being the second Tuesday of the month, revealed to us on our Windows desktops that monthly ritual all Microsoft customers must endure: security patches. We’ve decided here at SlipperyBrick to implement the Microsoft Security Bulletin Watch - a basic way of us providing you information about new patches Microsoft is releasing.

For January 2008 Microsoft has released one Critical, One Important and seven Non-Security, High-Priority updates on the Microsoft Update site. You may not of course need all of these - it depends upon your machine’s specific Windows OS flavor and what you already have installed on your PC. Check after the jump for a summary of the most important updates.

• Critical: Microsoft Security Bulletin MS08-001: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644) - This critical security update resolves two privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Important: Microsoft Security Bulletin MS08-002: Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485) - This important update resolves a privately reported vulnerability in Microsoft Windows Local Security Authority Subsystem Service (LSASS). The vulnerability could allow an attacker to run arbitrary code with elevated privileges. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft Security Bulletin Summary for January 2008