Microsoft has issued the first of its monthly security updates for 2009. The January patch
release contains a single fix which addresses a pair of flaws in all currently
supported versions of Windows.
According to the company, one of the two vulnerabilities addressed in the
update could be exploited by an attacker to remotely execute code on a target
system. The vulnerability lies in the way Windows handles Server Message Block
(SMB) code.
An attacker could send malformed SMB code to the user to trigger a crash
which would then allow the attacker to remotely install and execute code. Such
'buffer overflow' errors are often used to install malware.
The update is rated as a 'critical' priority for users running Windows 2000,
XP and Windows Server 2003. On systems running Windows Vista and Windows Server
2008, the patch is given a less severe rating of 'moderate' due to default
security settings that reduce the risk of a successful attack.
The update is the first to be released by Microsoft since late December, when
the company put out an emergency fix for a vulnerability in Internet Explorer.