Attackers could exploit several flaws within Windows to hijack targeted computers and do a variety of damage, Microsoft warned as it released two security patch bulletins Tuesday. The vulnerabilities affect various versions of the operating system, including Windows XP SP2 and Vista.
The first bulletin, MS08-001, is rated critical and addresses two flaws in Windows' Transmission Control Protocol/Internet Protocol (TCP/IP) processing component. An attacker who successfully exploits the flaw could take complete control of an affected system and then install programs; view, change, or delete data; or create new accounts with full user rights, Microsoft said.
Microsoft said the security update is critical for supported versions of Windows XP and Vista, important for supported versions of Windows Server 2003, and moderate for supported versions of Windows 2000. The software giant fixed the problem by modifying how the Windows kernel processes TCP/IP structures that contain multicast and ICMP requests.
Amol Sarwate, manager of the vulnerability research lab at Qualys Inc., said IT administrators should take this update very seriously given how easily the issues could be exploited.
"This is a very critical flaw in which an attacker can remotely send malicious packets," he said. "No user intervention is required, and no authentication is required of the attacker. I would apply this patch as soon as possible."
Eric Schultze, chief technology officer of Shavlik Technologies in Roseville, Minn., said there is a silver lining, however. He said the service isn't enabled by default on a lot of machines, and so the overall attack surface might be smaller than one would expect. Still, the flaw is a big problem for machines in which the service is enabled.
The second bulletin, MS08-002, is rated important and addresses a glitch in Windows' Local Security Authority Subsystem Service (LSASS). Attackers could exploit the vulnerability to run malicious code on targeted machines with elevated privileges.
Microsoft said the security update is important for all supported editions of Windows 2000, Windows XP, and Windows Server 2003. Microsoft fixed the problem by validating parameters passed to LSASS APIs.
In response to the patch release, Cupertino, Calif.-based Symantec Corp. raised its ThreatCon to Level 2, signaling the increased possibility of attacks.
"The vulnerability affecting Windows kernel TCP/IP IGMP could be significant depending on the user's firewall settings," Ben Greenbaum, senior research manager of Symantec Security Response, said in an email. "This issue is compounded by the fact the user's computer may automatically reboot upon a failed exploit attempt, giving the attacker multiple opportunities to compromise the computer. Users should utilize firewall best practices, such as blocking IGMP packets, so their computers will not be at risk."