Headline: “Microsoft Windows Buffer Overflow in TCP/IP Stack Lets Remote Users Execute Arbitrary Code”

First: If you have not run Windows Update since the 1-7-2008 update, do it now before finishing reading this article.

What Is It?

Due to a flaw in Microsoft’s TCP/IP (Transmission Control Protocol/Internet Protocol) stack, a single specially crafted IGMP (Internet Group Management Protocol) packet can be sent to an affected PC and cause problems ranging from a system lockup to total system takeover. Microsoft is giving credit to a team at IBM for reporting this flaw.

The Good News:

  • The patch is already available for all affected platforms.
  • Most network address translation (NAT) routers would, by default, block this intrusion.

The Bad News:

  • Your system may already be compromised, and in some cases this is undetectable after the fact.
  • Microsoft has known of this since June 2006.
  • It is virtually certain a worm will be launched, if it hasn’t been already.
  • Possibly the largest security flaw in Microsoft’s history (and that’s saying something).
  • This is a vulnerability in a very low-level component of Windows; software firewalls are helpless to stop it.

Even though this has been patched, this is not the last we will hear about it. Packets are constantly bouncing off my firewall from MS Blaster, which was patched back in 2003. Earlier this year 70,000+ web servers were hit through a SQL injection vulnerability patched over one year before. What does this tell us? People don’t patch their systems (or servers, for that matter) when they should. Turn on automatic updates on every Windows system!
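As an added example (not part of the original post), here is a small PowerShell audit script a defender can run on a Windows host to confirm the two things the paragraph above asks for: that automatic updates are switched on, and that a given patch is actually installed. It reads the documented Windows Update registry locations (the Group Policy key under `Policies` and the per-machine `Auto Update` key) and uses the built-in `Get-HotFix` cmdlet. The page does not give the knowledge base article number for this patch, so `$PatchKB` is a placeholder you must replace with the number from Microsoft’s bulletin.

```powershell
# Added example, not from the original post. Audits a Windows host's update posture.
# Assumption: the KB number for the IGMP patch is not on the page; replace the
# placeholder below with the article number from Microsoft's bulletin.
$PatchKB = 'KB<placeholder>'

function Get-AutoUpdateSetting {
    # The policy key (set by Group Policy) takes precedence over the local key.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $localKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'

    foreach ($key in @($policyKey, $localKey)) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key

        # NoAutoUpdate = 1 means automatic updating has been turned off outright.
        if ($props.PSObject.Properties['NoAutoUpdate'] -and $props.NoAutoUpdate -eq 1) {
            return 'Disabled'
        }
        # AUOptions encodes how far the client goes without user involvement.
        if ($props.PSObject.Properties['AUOptions']) {
            switch ([int]$props.AUOptions) {
                2 { return 'NotifyBeforeDownload' }
                3 { return 'DownloadThenNotify' }
                4 { return 'AutoDownloadAndInstall' }
            }
        }
    }
    return 'Unknown'
}

function Test-PatchInstalled {
    param([Parameter(Mandatory)][string]$HotFixId)
    # Get-HotFix returns nothing (and we suppress its error) when the id is absent.
    $hf = Get-HotFix -Id $HotFixId -ErrorAction SilentlyContinue
    return [bool]$hf
}

# Report: only the 'AutoDownloadAndInstall' mode needs no human to keep the box patched.
$auMode = Get-AutoUpdateSetting
$patched = Test-PatchInstalled -HotFixId $PatchKB

[pscustomobject]@{
    ComputerName     = $env:COMPUTERNAME
    AutoUpdateMode   = $auMode
    AutoUpdateIsFull = ($auMode -eq 'AutoDownloadAndInstall')
    PatchId          = $PatchKB
    PatchInstalled   = $patched
} | Format-List
```

Run it in an elevated PowerShell session so the registry keys and hotfix inventory are readable; a row showing `AutoUpdateIsFull : False` or `PatchInstalled : False` is the machine the post is warning about.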

This is the first time since the WinNuke port 139 OOB packet exploit that I can remember a ‘packet of death’ style attack across all Windows platforms.

For details on Microsoft’s announcement click through to Microsoft’s Announcement.
