TITLE:
Microsoft Windows TCP/IP Implementation Vulnerabilities

SECUNIA ADVISORY ID:
SA28297

VERIFY ADVISORY:
http://secunia.com/advisories/28297/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Microsoft Windows XP Professional
http://secunia.com/product/22/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows Vista
http://secunia.com/product/13223/
Microsoft Windows Storage Server 2003
http://secunia.com/product/12399/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Server
http://secunia.com/product/20/

DESCRIPTION:
Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

1) An error in the kernel's TCP/IP implementation (tcpip.sys) when handling IGMPv3 and MLDv2 queries can be exploited to crash the system and potentially execute arbitrary code via a specially crafted IGMPv3 or MLDv2 packet.

NOTE: This vulnerability does not affect systems running Windows 2000.

2) An error in the kernel's TCP/IP implementation (tcpip.sys) when handling fragmented router advertisement ICMP queries can be exploited to cause the system to stop responding via a specially crafted ICMP query.

Successful exploitation requires that Router Discovery Protocol (RDP) is enabled (disabled by default).

NOTE: This vulnerability does not affect systems running Windows Vista.

SOLUTION:
Apply patches.

Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyID=980f5457-c7b5-421c-8643-0e57429ec156

Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=0a766242-2342-4fa0-9b66-8953c54a2211

Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyID=2e8bc7d5-fe81-4ed5-9efa-360738d160ee

Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=fda060a5-9a1e-4036-9899-13eb61fdd8be

Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyID=19d993f9-06dd-4dc4-b0cc-c59e822eb8fa

Windows Server 2003 with SP1/SP2 for Itanium-based systems:
http://www.microsoft.com/downloads/details.aspx?FamilyID=2c2264f7-ebbb-40ab-9dbf-9b4e313665a7

Windows Vista:
http://www.microsoft.com/downloads/details.aspx?FamilyID=23c0e03a-db66-4618-bce0-af55e5c1b067

Windows Vista x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyID=5f6a37b1-c604-47c9-932f-485db2eda133

ORIGINAL ADVISORY:
MS08-001 (KB941644):
http://www.microsoft.com/technet/security/Bulletin/MS08-001.mspx