Severity Rating: Important
Revision Note: V1.0 (February 9, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow denial of service if an attacker sends certain input data during forms-based authentication to an ADFS Server, causing the server to become nonresponsive.

Severity Rating: Important
Revision Note: V1.0 (February 9, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker uses the Microsoft Web Distributed Authoring and Versioning (WebDAV) client to improperly validate input.

Revision Note: V1.0 (February 9, 2016): Advisory published.
Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of Visual Studio 2013, Visual Studio 2015, ASP.NET MVC5, and ASP.NET MVC6. This advisory also provides guidance on what developers can do to help ensure that the controls and components that they have built are not subject to the vulnerability.

Severity Rating: Critical
Revision Note: V1.0 (February 9, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if Microsoft Windows PDF Library improperly handles application programming interface (API) calls, which could allow an attacker to run arbitrary code on the user’s system. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. However, an attacker would have no way to force users to download or open a malicious PDF document.

Revision Note: V1.0 (February 9, 2016): Bulletin Summary published.
Summary: This bulletin summary lists security bulletins released for January 2016.

Severity Rating: Critical
Revision Note: V1.0 (February 9, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows 10 Version 1511. For more information, see the Affected Software section. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge.

Severity Rating: Important
Revision Note: V1.0 (February 9, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application.

Severity Rating: Important
Revision Note: V1.0 (February 9, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could cause denial of service on a Network Policy Server (NPS) or an Internet Authentication Service (IAS) if an attacker sends specially crafted username strings to the IAS or NPS, which could prevent RADIUS authentication on the NPS or IAS.

Severity Rating: Important
Revision Note: V1.0 (February 9, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an authenticated attacker logs on to the target system using RDP and sends specially crafted data over the connection. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.

Severity Rating: Critical
Revision Note: V1.0 (February 9, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.