Microsoft Security Bulletin MS08-001 – Critical: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution. Affects ALL current Windows versions W2K SP4, WXP SP2, WXP x64, W2K03 SP1 & SP2, W2K03 Itanium-based, Vista, Vista x64
Here is the executive summary from Microsoft Technet:
This critical security update resolves two privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This is a critical security update for all supported editions of Windows XP and Windows Vista, an important security update for all supported editions of Windows Server 2003, and a moderate security update for all supported editions of Microsoft Windows 2000. For more information, see the subsection, Affected and Non-Affected Software, in this section.
This security update addresses the vulnerability by modifying the way that the Windows kernel processes TCP/IP structures that contain multicast and ICMP requests. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
read more | digg story