‘Vulnerabilities in Windows TCP/IP Allows Code Execution (MS08-001)’

Summary

This critical security update resolves two privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

This is a critical security update for all supported editions of Windows XP and Windows Vista, an important security update for all supported editions of Windows Server 2003, and a moderate security update for all supported editions of Microsoft Windows 2000.

This security update addresses the vulnerability by modifying the way that the Windows kernel processes TCP/IP structures that contain multicast and ICMP requests.’

Credit:

‘The information has been provided by Microsoft Product Security.
The original article can be found at: http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx


Details

Affected Software:
 * Microsoft Windows 2000 Service Pack 4 – Denial of Service – Moderate – MS06-032
 * Windows XP Service Pack 2 – Remote Code Execution – Critical – MS06-032
 * Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 – Remote Code Execution – Critical – MS06-032
 * Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 – Remote Code Execution – Important – MS06-032
 * Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 – Remote Code Execution – Important – MS06-032
 * Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems – Remote Code Execution – Important – MS06-032
 * Windows Vista – Remote Code Execution – Critical – None
 * Windows Vista x64 Edition – Remote Code Execution – Critical – None

Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability – CVE-2007-0069
A remote code execution vulnerability exists in the Windows kernel due to the way that the Windows kernel handles TCP/IP structures storing the state of IGMPv3 and MLDv2 queries. Supported editions of Microsoft Windows XP, Windows Server 2003, and Windows Vista all support IGMPv3. In addition to IGMPv3, Windows Vista supports MDLv2, which adds multicast support for IPv6 networks. An anonymous attacker could exploit the vulnerability by sending specially crafted IGMPv3 and MLDv2 packets to a computer over the network. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

CVE Information:
CVE-2007-0069.

Windows Kernel TCP/IP/ICMP Vulnerability – CVE-2007-0066
A denial of service vulnerability exists in TCP/IP due to the way that Windows Kernel processes fragmented router advertisement ICMP queries. ICMP Router Discovery Protocol (RDP) is not enabled by default and is required in order to exploit this vulnerability. However, on Windows 2003 Server and on Windows XP, RDP can be turned on by a setting in DHCP or by a setting in the registry. On Windows 2000, RDP can be turned on by a setting in the registry. An anonymous attacker could exploit the vulnerability by sending specially crafted ICMP packets to a computer over the network. An attacker who successfully exploited this vulnerability could cause the computer to stop responding and automatically restart.

CVE Information:
CVE-2007-0066.’

Categories: Windows