MS08-001 - Vulnerability in TCP/IP

This section provides a quick introduction of MS08-001 vulnerability on Windows 2000, XP, 2003 and Vista systems. This vulnerability could allow attackers to execute arbitrary codes on your local computer from a remote computer.

A friend recently asked me about a security news released by Microsoft: MS08-001: Vulnerability in TCP/IP could allow remote code execution. I did some searches on the Web and want to share my search results with you:

Description by McAfee - MS08-001 is a vulnerability present in Microsoft Windows that may allow for arbitrary code execution. The flaw resides in improper processing of IGMPv3 and MLDv2 traffic by TCP/IP in the Windows kernel. Successful exploitation is available to a remote unauthenticated attacker.

Exploit Demo by Immunity - Flash movie demonstrating compromise of a WinXP SP2 system.

Detailed Description by migrady - MS08-001 addresses vulnerabilities described by two separate CVE numbers: CVE-2007-0066 - parsing ICMP router advertisement packets; CVE-2007-0069 - involving the way the TCP/IP stack handles IGMP protocol packets. Affected systems are: Windows 2000, XP, 2003, and Vista. Full article is accessible here.

Recommendation - Download and install the patch available from Microsoft (941644): http://www.microsoft.com/technet/security/Bulletin/MS08-001.mspx.

Last update: 2008.

Table of Contents

 About This Windows Security Book

 Windows 8: System Security Review

 Windows 8: System Security Protection

 Windows 8 System Recovery

 Windows 8 Defender for Real-Time Protection

 Windows 7: System Security Review

 Windows 7: System Security Protection

 Windows 7 System Recovery

 Windows 7 Forefront Client Security

 Norton Power Eraser - Anti-Virus Scan Tool

 McAfee Virus and Malware Protection Tools

 Spybot - Spyware Blocker, Detection and Removal

 Keeping Firefox Secure

 Keeping IE (Internet Explorer) Secure

 Malware (Adware, Spyware, Trojan, Worm, and Virus)

 HijackThis - Browser Hijacker Diagnosis Tool

 IE Add-on Program Listing and Removal

 "Conduit Search" - Malware Detection and Removal

 "Tube Dimmer", "Scorpion Saver" or "Adpeak" Malware

 Malware Manual Removal Experience

 Vundo (VirtuMonde/VirtuMundo) - vtsts.dll Removal

 Trojan and Malware "Puper" Description and Removal

 VSToolbar (VSAdd-in.dll) - Description and Removal

 PWS (Password Stealer) Trojan Infection Removal

MS08-001 Vulnerability on Windows Systems

MS08-001 - Vulnerability in TCP/IP

 IP Multicast and IP Address Range

 "netsh" Commands for Interface IP

 224.0.0.1 - The All Hosts Multicast Group

 MulticastListener.java - A Simple Multicast Listener Program

 All Hosts Multicast Group, 224.0.0.1, on Vista Systems

 MS08-001 Vulnerability Explanation by Microsoft

 Antivirus System PRO

 References

 PDF Printing Version