Revision Note: V1.0 (February 9, 2016): Bulletin Summary published.
Summary: This bulletin summary lists security bulletins released for January 2016.

Severity Rating: Critical
Revision Note: V1.0 (February 9, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows 10 Version 1511. For more information, see the Affected Software section. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge.

Severity Rating: Important
Revision Note: V1.0 (February 9, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application.

Revision Note: V1.0 (January 12, 2016): Advisory published.
Summary: Microsoft is announcing the availability of an update to improve interoperability between Schannel-based TLS clients and 3rd-party TLS servers that enable RFC5077-based resumption and that send the NewSessionTicket message in the abbreviated TLS handshake. The update addresses an issue in schannel.dll that could cause RFC5077 session ticket-based resumption to fail and subsequently cause WinInet-based clients (for example, Internet Explorer and Microsoft Edge) to perform a fallback to a lower TLS protocol version than the one that would have been negotiated otherwise. This improvement is part of ongoing efforts to bolster the effectiveness of encryption in Windows.

Revision Note: V1.0 (January 12, 2016): Bulletin Summary published.
Summary: This bulletin summary lists security bulletins released for January 2016.

Severity Rating: Critical
Revision Note: V1.0 (January 12, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Revision Note: V1.0 (January 12, 2016): Advisory published.
Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy no longer allows root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes of SSL and code signing as of January 1, 2016. Using the SHA-1 hashing algorithm in digital certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

Severity Rating: Important
Revision Note: V1.0 (January 12, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow spoofing if Outlook Web Access (OWA) fails to properly handle web requests, and sanitize user input and email content.

Revision Note: V1.0 (January 12, 2016): Advisory published.
Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory. These ActiveX kill bits are included in the Internet Explorer cumulative update released on January 12, 2016.

Severity Rating: Critical
Revision Note: V1.0 (January 12, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.