Content
(MS08-001) Microsoft Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability (941644)
- Type
- Logic error
- Impact of exploitation
- Remote Code Execution
- User Interaction
- no user interaction is needed
- Attack Vector
- Malicious remote network traffic
- Rating
- High
- CVE reference
- CVE-2007-0069,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows XP SP2,
- Windows 2003 SP2,
- Windows Vista,
- Summary
- A vulnerability is present in Microsoft Windows that may allow for arbitrary code execution. Exploitation is available to remote attackers through malicious network traffic.
Tab Navigation
Description
Microsoft Windows is an industry standard operating system. A vulnerability is present in Microsoft Windows that may allow for arbitrary code execution. The flaw resides in improper processing of IGMPv3 and MLDv2 traffic by TCP/IP in the Windows kernel. Successful exploitation is available to a remote unauthenticated attacker.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft (941644): http://www.microsoft.com/technet/security/Bulletin/MS08-001.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS08-001) Microsoft Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability (941644)
- Signature identifier:
- 5652
- Release date:
- 1/8/2008
McAfee Intrushield
This signature provides coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge. Detection requires hotfix 3.1.3.111 to be installed.
- Signature:
- IGMP MS Windows Remote Kernel Buffer Overflow
- Signature identifier:
- 0x9100
- Release date:
- 1/8/2008
- First released in:
- 3.1.55
Additional Resources
Microsoft Security Bulletin: Microsoft Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability (941644)
http://www.microsoft.com/technet/security/Bulletin/MS08-001.mspx
All Information
Timeline -
1/8/2008
Vendor has provided a patch.
Description -
Microsoft Windows is an industry standard operating system. A vulnerability is present in Microsoft Windows that may allow for arbitrary code execution. The flaw resides in improper processing of IGMPv3 and MLDv2 traffic by TCP/IP in the Windows kernel. Successful exploitation is available to a remote unauthenticated attacker.
McAfee Product Mitigation & Recommendations
Recommendations -
Download and install the patch available from Microsoft (941644): http://www.microsoft.com/technet/security/Bulletin/MS08-001.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS08-001) Microsoft Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability (941644)
- Signature identifier:
- 5652
- Release date:
- 1/8/2008
McAfee Intrushield
This signature provides coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge. Detection requires hotfix 3.1.3.111 to be installed.
- Signature:
- IGMP MS Windows Remote Kernel Buffer Overflow
- Signature identifier:
- 0x9100
- Release date:
- 1/8/2008
- First released in:
- 3.1.55
Additional Resources
Additional Resources -
Microsoft Security Bulletin: Microsoft Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability (941644)
http://www.microsoft.com/technet/security/Bulletin/MS08-001.mspx
