In the first month of this year, Microsoft published four security bulletins.

1. Microsoft Security Bulletin MS17-001 - Important Security Update for Microsoft Edge (3214288)
Associated CVE: CVE-2017-0001

This is an elevation of privilege vulnerability which exists in MS Edge. The vulnerability arises when MS Edge improperly enforces cross-domain policies with about: blank. This allows an attacker to access information from one domain and inject it into another domain.

2. Microsoft Security Bulletin MS17-002 - Important Security Update for Microsoft Office (3214291)
Associated CVE: CVE-2017-0002

The MS Office software is affected by a remote code execution. The vulnerability arises when Office software fails to properly handle objects in memory. On successful exploitation of the vulnerability, an attacker can run arbitrary code in the context of current user.

3. Microsoft Security Bulletin MS17-004 - Important Security Update for Local Security Authority Subsystem Service (3216771)
Associated CVE: CVE-2017-0004

The DOS vulnerability exists in the Local Security Authority Subsystem Service (LSASS). On the successful exploitation, the attacker can cause the denial of service on the target system's LSASS service.

Microsoft's summary of the January 2017 releases can be found here:
https://technet.microsoft.com/en-us/library/security/ms17-jan