Windows Security Tutorials - Herong's Tutorial Examples - v3.01, by Dr. Herong Yang
MS08-001 - Vulnerability in TCP/IP
This section provides a quick introduction to the MS08-001 vulnerability on Windows 2000, XP, 2003 and Vista systems. This vulnerability could allow attackers to execute arbitrary code on your local computer from a remote computer.
A friend recently asked me about a security news item released by Microsoft: "MS08-001: Vulnerability in TCP/IP could allow remote code execution". I did some searches on the Web and want to share my search results with you:
Description by McAfee - MS08-001 is a vulnerability present in Microsoft Windows that may allow for arbitrary code execution. The flaw resides in improper processing of IGMPv3 and MLDv2 traffic by TCP/IP in the Windows kernel. Successful exploitation is available to a remote unauthenticated attacker.
Exploit Demo by Immunity - Flash movie demonstrating compromise of a WinXP SP2 system.
Detailed Description by migrady - MS08-001 addresses vulnerabilities described by two separate CVE numbers: CVE-2007-0066 - parsing ICMP router advertisement packets; CVE-2007-0069 - involving the way the TCP/IP stack handles IGMP protocol packets. Affected systems are: Windows 2000, XP, 2003, and Vista. Full article is accessible here.
Recommendation - Download and install the patch available from Microsoft (941644): http://www.microsoft.com/technet/security/Bulletin/MS08-001.mspx.