My background covers security and I've started reading this blog (Security Vulnerability Research & Defense) - it is excellent and definitely worth a read to understand how vulnerabilities work and how to mitigate them!!
MS08-001 - The case of the Moderate, Important, and Critical network vulnerabilities
Security bulletin MS08-001 addresses vulnerabilities described by two separate CVE numbers, as you can see in the bulletin. This post provides an overview of the two issues, the affected platforms and notes on the severity. We’ll be following this post up with two further entries that look at each issue in more detail.
CVE-2007-0066 describes a vulnerability in parsing ICMP router advertisement packets. These packets are not processed by default on any supported version of Windows. If a computer is configured to process router discovery protocol packets and encounters this type of malformed packet, the Windows kernel will bugcheck (blue screen of death) and reboot. A separate blog post goes into more detail about the registry keys governing this behavior on each supported platform.
CVE-2007-0069, the more serious of the two vulnerabilities, involves the way the TCP/IP stack handles IGMP protocol packets. Mark researched the exploitability of this issue and you'll find his research and more detail about the vulnerability in the next blog post.
For those of you readers who are more visual, here's a picture describing the exposure of the vulnerabilities addressed in the security bulletin, by CVE:
Security Vulnerability Research & Defense : MS08-001 - The case of the Moderate, Important, and Critical network vulnerabilities
ttfn
David
Posted
Fri, Feb 8 2008 11:13 AM
by
David Overton