Microsoft updates Security Bulletin from last Patchday
Microsoft has updated its Security Bulletin MS08-001 on the security vulnerabilities in the TCP/IP stack in Windows. The revised bulletin states that Windows Small Business Server 2003 Service Pack 2 is also affected. The Microsoft tools for detecting and deploying the updates are already offering the correct update for the product.
The vulnerabilities allowed specially prepared IGMPv3-, MLDv2 and fragmented RDP routing packets to remotely infiltrate and execute code in a computer. However, an attack on a system running Windows 2000 SP4 would only be able to put the system out of action. The same was true for a vulnerability in the Router Discovery, which is disabled by default. Attackers could normally only exploit the vulnerabilities in a local network, since firewalls generally block the protocols in question.
- Microsoft Security Bulletin MS08-001 , bulletin summary from Microsoft