Microsoft fixes three flaws with two patches; one is critical

The software giant addresses three vulnerabilities within the Windows operating system.

Microsoft on Tuesday released its January 2008 security bulletin, which includes only two updates: One is designated as "critical" by the software giant and the second one is deemed "important". Both concern the Windows operating system. There are no Microsoft Office updates this month. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS08-001: Critical

Titled "Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)", this bulletin affects users of Microsoft Windows 2000, XP SP2, Server 2003, and Vista, and addresses the vulnerability detailed in CVE-2007-0069 and CVE-2007-0066. A vulnerability exists in Transmission Control Protocol/Internet Protocol (TCP/IP) processing, and the patch modifies the way that the Windows kernel processes TCP/IP structures that contain multicast and ICMP requests. Microsoft says "an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

MS08-002: Important

Titled "Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)", this bulletin affects users of Microsoft Windows 2000, XP SP2, Server 2003, but not Windows Vista. The update addresses the vulnerability detailed in CVE-2007-5352. If exploited, a vulnerability within Microsoft Windows Local Security Authority Subsystem Service (LSASS) could allow an attacker to elevate privileges, take complete control of an affected system, then install programs; view, change, or delete data; or create new accounts with full user rights.

 

ARTICLE DISCUSSION

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

Hot on CNET

CNET's giving away a 3D printer

Enter for a chance to win* the MakerBot Replicator 3D Printer and all the supplies you need to get started.