Microsoft's first "Patch Tuesday" of 2008 was fairly unexceptional as the company's monthly vulnerability fixes go, focusing on two security bulletins, only one of which is labeled "Critical," the most severe category.
The Critical bulletin, MS08-001, warns of two separate vulnerabilities in the TCP/IP stack used in all versions of Windows.
According to the bulletin, an attacker exploiting the holes could take complete control of an affected system, install new applications, change or delete data or create new accounts with full user rights.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=iDon Leatham, director of business development for Lumension Security, formerly PatchLink, said this is a fairly serious vulnerability. "The critical patch deals with remote code execution and the vulnerability is at the kernel level," he wrote in an e-mail to InternetNews.com. "This means that if someone exploits the vulnerability, they could take complete, unlimited control of a machine."
Leatham said one of the methods that could be used to exploit this vulnerability might be video or audio streams such as IP-based teleconferencing or streaming media.
"We suggest that organizations block IP multicasting at the perimeter firewall and the Vista firewall (which is not an option in XP) while testing and rolling out the patch ASAP," he wrote.
The second fix, MS08-002, is labeled "important" -- less severe, but still a vulnerability that users and admins should address promptly.
The bulletin addresses a problem in the Windows Local Security Authority Subsystem Service (LSASS), which would allow an attacker to run arbitrary code with elevated privileges and take complete control of an affected system.
"We strongly recommend that administrators test and deploy both patches as quickly as possible," Leatham said.