I was on holiday for this month’s Patch Tuesday *happy, happy, joy, joy!*, so here is a late recap on this month’s patching including the out of band patch issued later in the month.
This month we have one (1) new security bulletin, and one (1) out of band patch issued later in the month. A restart will be required.
For our first bulletin release of the New Year, we have one Critical bulletin affecting all versions of Windows. The bulletin, MS10-001, addresses one vulnerability in the Embedded OpenType Font Engine and is Critical on Windows 2000. For all other versions of Windows, the vulnerability gets a Low rating. 
|MS10-001||972270||Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution||Remote Code Execution||Critical||Microsoft Windows|
Out of Band Patch
|MS10-002||978207||Cumulative Security Update for Internet Explorer||Remote Code Execution||Critical||Microsoft Windows|
For this month:
While all versions of Internet Explorer are affected, the risk for everyone running Internet Explorer 8 is lower since it has DEP (Data Execution Prevention) enabled by default. DEP makes exploitation of this vulnerability more difficult so as a temporary workaround you might want to enable it for older IEs (keep in mind that it might break some add-ons). — SANS 
NOW: MS10-002 !
[1.] January 2010 Security Bulletin Release (2010-Jan-12) [MS: MSRC]
[2.] Microsoft Security Bulletin: January 2010 (2010-Jan-12) [SANS]
[3.] Microsoft Security Bulletin Summary for January 2010 (2010-Jan-12) [MS]
[4.] Microsoft security updates for January 2010 (2010-Jan-12) [MS]
[5.] Assessing the risk of the December security bulletins (2010-Jan-12) [MS: SR&D]
[6.] Security Advisory 979352 – Going out of Band (2010-Jan-19) [MS: MSRC]
[7.] -day vulnerability in Internet Explorer 6, 7 and 8 (2010-Jan-15) [SANS]
[8.] Assessing risk of IE 0day vulnerability (2010-Jan-15) [MS: SR&D]