Microsoft Security Bulletin MS08-001 – Critical

Discussion in 'other security issues & news' started by NICK ADSL UK, Jan 26, 2008.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin MS08-001 – Critical
    Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
    Published: January 8, 2008 | Updated: January 25, 2008


    Version: 3.0

    General Information
    Executive Summary
    This critical security update resolves two privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    This is a critical security update for all supported editions of Windows XP and Windows Vista, an important security update for all supported editions of Windows Server 2003, and a moderate security update for all supported editions of Microsoft Windows 2000. For more information, see the subsection, Affected and Non-Affected Software, in this section.

    This security update addresses the vulnerability by modifying the way that the Windows kernel processes TCP/IP structures that contain multicast and ICMP requests. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

    Recommendation. Microsoft recommends that customers apply the update immediately

    Known Issues. None

    Frequently Asked Questions (FAQ) Related to This Security Update

    Why was this bulletin revised on January 25, 2008?
    This bulletin was revised to clarify the impact of Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability (CVE-2007-0069) on supported editions of Windows Small Business Server 2003 and Windows Home Server. Microsoft Update, Windows Update, the Microsoft Baseline Security Analyzer (MBSA), and Microsoft Systems Management Server (SMS) already correctly offer this update to systems running Windows Small Business Server 2003 and Windows Home Server. Customers with supported editions of Windows Small Business Server 2003 and Windows Home Server should apply the update to remain secure.


    http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx
     
Loading...
Thread Status:
Not open for further replies.