Microsoft patches Windows TCP/IP, LSASS flaws

Bill Brenner

Attackers could exploit several flaws within Windows to hijack targeted computers and do a variety of damage, Microsoft warned as it released two security patch bulletins Tuesday. The vulnerabilities affect various versions of the operating system, including Windows XP SP2 and Vista.


The first bulletin, MS08-001, is rated critical and addresses two flaws in Windows' Transmission Control Protocol/Internet Protocol (TCP/IP) processing component. An attacker who successfully exploits the flaw could take complete control of an affected system and then install programs; view, change, or delete data; or create new accounts with full user rights, Microsoft said.

Microsoft said the security update is critical for supported versions of Windows XP and Vista, important for supported versions of Windows Server 2003, and moderate for supported versions of Windows 2000. The software giant fixed the problem by modifying how the Windows kernel processes TCP/IP structures that contain multicast and ICMP requests.

Amol Sarwate, manager of the vulnerability research lab at Qualys Inc., said IT administrators should take this update very seriously given how easily the issues could be exploited.

"This is a very critical flaw in which an attacker can remotely send malicious packets," he said. "No user intervention is required, and no authentication is required of the attacker. I would apply this patch as soon as possible."

Eric Schultze, chief technology officer of Shavlik Technologies in Roseville, Minn., said there is a silver lining, however. He said the service isn't enabled by default on a lot of machines, and so the overall attack surface might be smaller than one would expect. Still, the flaw is a big problem for machines in which the service is enabled.

The second bulletin, MS08-002, is rated important and addresses a glitch in Windows' Local Security Authority Subsystem Service (LSASS). Attackers could exploit the vulnerability to run malicious code on targeted machines with elevated privileges.

Microsoft said the security update is important for all supported editions of Windows 2000, Windows XP, and Windows Server 2003. Microsoft fixed the problem by validating parameters passed to LSASS APIs.

In response to the patch release, Cupertino, Calif.-based Symantec Corp. raised its ThreatCon to Level 2, signaling the increased possibility of attacks.

"The vulnerability affecting Windows kernel TCP/IP IGMP could be significant depending on the user's firewall settings," Ben Greenbaum, senior research manager of Symantec Security Response, said in an email. "This issue is compounded by the fact the user's computer may automatically reboot upon a failed exploit attempt, giving the attacker multiple opportunities to compromise the computer. Users should utilize firewall best practices, such as blocking IGMP packets, so their computers will not be at risk."

