Posted by Deliverator on January 18th, 2008

This last Patch Tuesday, Microsoft released a patch for what many are calling the worst security vulnerability ever in the (dubious) history of Windows. Microsoft has released information on the vulnerability in the form of Microsoft Security Bulletin MS08-001. Happy New Year to us all! What a way to ring in 2008!

In short, the vulnerability is in Microsoft’s TCP/IP stack and relates to the handling of IGMP packets. TCP/IP is the basic networking protocol for the internet and most corporate and home networks. All recent, commonly used versions of Windows, including XP and Vista, are affected by this vulnerability: simply receiving a specially crafted packet could lead to a system being compromised and taken over for assorted nefarious purposes. Windows 2000 is affected as well, but only to the extent that such a packet causes the TCP/IP stack to crash, and the system would need to be rebooted before it is able to communicate with the network again.

Microsoft has shipped Windows with a software firewall turned on by default since XP SP2, but because this attack is against TCP/IP itself and not simply some service hiding behind the firewall, the Windows firewall provides no protection whatsoever. Hiding behind a hardware firewall/NAT router will protect you, but only from packets inbound from the internet, not from already compromised computers behind the firewall.

Using an unpatched machine on a public network such as a coffee shop, library, etc. would be an extremely bad idea, not that it has been a great idea for a long time. And that is part of the point: a vulnerability like this doesn’t just magically go away after a patch is released. This is one shit storm that isn’t going to blow over for a LONG LONG time.