Vulnerabilities in MS TCP/IP - MS08-001
Posted by Chris Valasek on January 08, 2008 at 1:57 PM EST.
This month Microsoft released two security bulletins. The most important of these was the update for its TCP/IP driver, which has a few very serious vulnerabilities. One of the patches fixes a denial of service with the potential for remote code execution in ICMP, and the second set of patches fixes remote code execution issues in IGMP/MLD caused by TCP/IP storing state incorrectly. The ICMP issue, while serious, can be mitigated because the Router Discovery Protocol isn’t enabled by default. However, the issue should still be taken seriously because a crash will result in an automatic system reboot. The remote code execution in IGMP/MLD is a different matter. Although IGMP/MLD may not be a crucial part of your infrastructure, you could potentially be owned by this attack because it is on by default. To make matters worse, due to the nature of IP multicast, an entire subnet could be compromised with a single attack. I believe these issues, though early in the year, could be the most serious we see in 2008.