Microsoft say that the "important" patches are mostly Internet services-related. One patch is specific to the Windows Vista update, however, all the Windows Vista-related updates will be included with Windows Vista SP1, expected to roll out to consumers in mid-to-late March.
Tim Rains, security response communications lead for Microsoft, humorously noted that "Windows Vista SP1 and Windows Server 2008 are not affected by any of today's bulletins." They're not affected because they are not yet available to the public. All Microsoft security patches for both Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.
MS08-003: Important
Titled "Vulnerability in Active Directory Could Allow Denial of Service (946538)," this bulletin affects users of Microsoft Windows 2000, XP SP2, Server 2003, but does not affect Windows Vista. A vulnerability detailed in CVE-2008-0088 exists in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003 and Active Directory Application Mode (ADAM). Microsoft says "attacker must have valid log-on credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could cause the system to stop responding or automatically restart."
MS08-004: Important
Titled "Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)," this bulletin only affects users of Windows Vista. The update addresses the vulnerability detailed in CVE-2008-0084 that exists in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. Microsoft says "an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart."
