It’s for a vulnerability in the Schannel component, which is present in all Windows systems. Schannel implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols.
Traffic is sanity-checked by Schannel, but there is a flaw in this process which can allow specially-crafted packets through. This can allow an attacker to run arbitrary code on any system offering TLS/SSL, potentially taking control of the system.
IIS servers are clearly at risk but your machine can also be vulnerable if you accept encrypted traffic. Microsoft were not aware of any successful attacks using this vulnerability at the time their advisory was drafted, but as it has now been made public there will obviously be vigorous attempts in certain quarters to take advantage of it.
What We Recommend
This vulnerability is limited to Windows devices, and there is no risk to any of our Sophos Security Gateways. The vulnerability should be taken seriously, but we perceive the risk to you to be minimal. To be on the safe side, however, we recommend that you install the latest updates available from Microsoft as soon as possible on all Windows systems, particularly web and e-mail servers.