Security Response

Microsoft Patch Tuesday for January 2008

Created: 08 Jan 2008 08:00:00 GMT • Updated: 23 Jan 2014 18:43:08 GMT
Robert Keith

Hello everyone and welcome to this month’s blog on the Microsoft patch releases. This is a very light month; Microsoft is releasing only two bulletins that cover a total of three vulnerabilities affecting multiple flavors of Windows.

The most severe of the three issues involves the handling of TCP/IP multicast packets. An attacker may be able to exploit this issue to remotely compromise a vulnerable computer. The remaining issues include a denial-of-service vulnerability involving ICMP and a local privilege-escalation vulnerability affecting LSASS.

Microsoft’s summary of the January releases can be found here: http://www.microsoft.com/technet/security/bulletin/ms08-jan.mspx

1. MS08-001 Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (KB941644)

CVE-2007-0069 (BID 27100) Microsoft Windows TCP/IP IGMP MLD Remote Code Execution Vulnerability (MS Rating: Critical / Symantec Urgency Rating 8.2/10)

This is a remote code-execution vulnerability affecting Windows kernel TCP/IP and is due to the way it stores the state of Internet Group Management Protocol (IGMPv3) and Multicast Listener Discovery (MLDv2) queries. A remote attacker can exploit this issue by sending specially crafted packets to the vulnerable computer. A successful attack will result in the execution of the attacker-supplied code, potentially facilitating a remote compromise of the affected computer.

Affects: Windows XP, Windows Server 2003, and Windows Vista

Windows Server 2003 does not have any multicast addresses active by default. However, installing an application that uses multicast addresses may make the system vulnerable.

Non-Affected: Windows 2000

CVE-2007-0066 (BID 27139) Microsoft Windows TCP/IP ICMP Remote Denial Of Service Vulnerability (MS Rating: Moderate / Symantec Urgency Rating 5.7/10)

This is a remote denial-of-service vulnerability in Windows TCP/IP and is due to the way it handles fragmented router advertisement Internet Control Message Protocol (ICMP) queries. This issue affects systems with Router Discovery Protocol (RDP) enabled; it is disabled by default. By sending a malicious packet to a vulnerable computer, an attacker can exploit this issue to cause that computer to stop responding and potentially crash.

Affects: Windows 2000, Windows XP, and Windows Server 2003

Non-Affected: Windows Vista

2. MS08-002 Vulnerability in LSASS Could Allow Local Elevation of Privilege (KB943485)

CVE-2007-5352 (BID 27099) Microsoft Windows LSASS LPC Request Local Privilege Escalation Vulnerability (MS Rating: Important / Symantec Urgency Rating 6.6/10)

This is a local privilege-escalation vulnerability affecting Microsoft Windows Local Security Authority Subsystem Service (LSASS). A local attacker can exploit this issue by sending a malicious LPC message to the affected service and potentially gain complete control of the affected computer.

Affects: Windows 2000, Windows XP, and Windows Server 2003

Non-Affected: Windows Vista
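
For patch triage, the affected-platform lists and preconditions above can be encoded as rules and run over an asset inventory. The following is an added example, not part of the original post or any Symantec or Microsoft tooling; the inventory field names (`os`, `kbs`, `multicast_active`, `router_discovery`), the "exposed"/"latent" labels and the sample hosts are assumptions constructed for illustration.

```python
# Added example: triage rules transcribed from this post's bulletin summaries.
# Inventory field names and the "exposed"/"latent" labels are assumptions.
AFFECTED = {
    # CVE: (bulletin, fixing KB, affected Windows families)
    "CVE-2007-0069": ("MS08-001", "KB941644", {"xp", "2003", "vista"}),
    "CVE-2007-0066": ("MS08-001", "KB941644", {"2000", "xp", "2003"}),
    "CVE-2007-5352": ("MS08-002", "KB943485", {"2000", "xp", "2003"}),
}

def reachable(cve, host):
    """True when the precondition the post describes for this CVE holds on the host."""
    if cve == "CVE-2007-0069" and host["os"] == "2003":
        # Server 2003 has no multicast addresses active by default.
        return host.get("multicast_active", False)
    if cve == "CVE-2007-0066":
        # Only systems with Router Discovery enabled; it is disabled by default.
        return host.get("router_discovery", False)
    return True

def triage(host):
    """Return sorted (cve, bulletin, kb, status) tuples for affected, unpatched issues.

    status is "exposed" when the precondition holds now, "latent" when the
    vulnerable code is present but the triggering feature is currently off.
    """
    findings = []
    for cve, (bulletin, kb, families) in AFFECTED.items():
        if host["os"] not in families or kb in host.get("kbs", ()):
            continue
        status = "exposed" if reachable(cve, host) else "latent"
        findings.append((cve, bulletin, kb, status))
    return sorted(findings)

# Constructed sample inventory (not real hosts).
INVENTORY = [
    {"name": "ws-xp-01", "os": "xp", "kbs": {"KB943485"}},
    {"name": "srv-2003-01", "os": "2003", "kbs": set(), "multicast_active": False},
    {"name": "srv-2000-01", "os": "2000", "kbs": set(), "router_discovery": True},
    {"name": "ws-vista-01", "os": "vista", "kbs": {"KB941644"}},
]

if __name__ == "__main__":
    for h in INVENTORY:
        for finding in triage(h):
            print(h["name"], *finding)
```

A "latent" finding still needs the update, since installing a multicast application or enabling Router Discovery later changes the status.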

More information on this and other vulnerabilities is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.