Windows Security Tutorials - Herong's Tutorial Examples - v3.01, by Dr. Herong Yang
MS08-001 - Vulnerability in TCP/IP
This section provides a quick introduction to the MS08-001 vulnerability on Windows 2000, XP, 2003 and Vista systems. This vulnerability could allow attackers to execute arbitrary code on your local computer from a remote computer.
A friend recently asked me about a piece of security news released by Microsoft: MS08-001: Vulnerability in TCP/IP could allow remote code execution. I did some searches on the Web and want to share my search results with you:
Description by McAfee - MS08-001 is a vulnerability present in Microsoft Windows that may allow for arbitrary code execution. The flaw resides in improper processing of IGMPv3 and MLDv2 traffic by TCP/IP in the Windows kernel. Successful exploitation is available to a remote unauthenticated attacker.
Exploit Demo by Immunity - Flash movie demonstrating compromise of a WinXP SP2 system.
Detailed Description by migrady - MS08-001 addresses vulnerabilities described by two separate CVE numbers: CVE-2007-0066 - parsing ICMP router advertisement packets; CVE-2007-0069 - involving the way the TCP/IP stack handles IGMP protocol packets. Affected systems are: Windows 2000, XP, 2003, and Vista. Full article is accessible here.
Recommendation - Download and install the patch available from Microsoft (941644): http://www.microsoft.com/technet/security/Bulletin/MS08-001.mspx.