WEBINAR: Live Event Date: September 20, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Designing a Proactive Approach to Information Security with Cyber Threat Hunting REGISTER >
Microsoft's first "Patch Tuesday" of 2008 was fairly unexceptional as the company's monthly vulnerability fixes go, focusing on two security bulletins, only one of which is labeled "Critical," the most severe category.
The Critical bulletin, MS08-001, warns of two separate vulnerabilities in the TCP/IP stack used in all versions of Windows.
According to the bulletin, an attacker exploiting the holes could take complete control of an affected system, install new applications, change or delete data or create new accounts with full user rights.
Leatham said one of the methods that could be used to exploit this vulnerability might be video or audio streams such as IP-based teleconferencing or streaming media.
"We suggest that organizations block IP multicasting at the perimeter firewall and the Vista firewall (which is not an option in XP) while testing and rolling out the patch ASAP," he wrote.
The second fix, MS08-002, is labeled "important" -- less severe, but still a vulnerability that users and admins should address promptly.
The bulletin addresses a problem in the Windows Local Security Authority Subsystem Service (LSASS), which would allow an attacker to run arbitrary code with elevated privileges and take complete control of an affected system.
"We strongly recommend that administrators test and deploy both patches as quickly as possible," Leatham said.