On Thursday, January 6, Microsoft provided advance notification of the patches that are scheduled to be released for January 2011. There are only two patches (known as bulletins by Microsoft) that are scheduled to be released. One is classified as critical for all workstation operating systems (32 and 64 bit versions of Windows 7, Vista and Windows XP) and important for all server operating systems (32 bit, 64 bit and Itanium versions of Server 2003 base and SP2 and also all versions of Server 2008). The second bulletin is classified as important for all workstation operating systems and is not applicable to any current server operating systems. If exploited, both vulnerabilities would allow remote code execution to take place on the compromised workstation or server.
Additional details are available at http://www.microsoft.com/technet/security/bulletin/ms11-jan.mspx As Microsoft releases additional details the previous URL will be updated.
Update – January 12
Everything I am reading indicates that Microsoft patch – http://www.microsoft.com/technet/security/bulletin/ms11-002.mspx should be applied to both servers and workstations as soon as possible. It affects all current Microsoft Operating Systems and is identified as CRITICAL for the following workstation OSs: Windows XP SP3, Windows XP SP2 (64 bit), Windows Vista SP1 and SP2 (both 32 and 64 bit), and Windows 7 (32 and 64 bit).
For Server Operating Systems, patch http://www.microsoft.com/technet/security/bulletin/ms11-002.mspx is classified as IMPORTANT.
Patch http://www.microsoft.com/technet/security/bulletin/ms11-001.mspx is identified as IMPORTANT and only applies to the following workstation Operating Systems: Windows Vista SP1 and SP2 (both 32 and 64 bit)