Microsoft patches a critical flaw in the Windows operating system that could be used by criminals to create a self-copying computer worm attack.
The software vendor released its first set of patches for 2008 on Tuesday, fixing a pair of networking flaws in the Windows kernel. Microsoft also released a second update for a less-serious Windows flaw that would allow attackers to steal passwords or run Windows software with elevated privileges.
The critical bug lies in the way Windows processes networking traffic that uses IGMP (Internet Group Management Protocol) and MLD (Multicast Listener Discovery) protocols, which are used to send data to many systems at the same time. Microsoft says that an attacker could send specially crafted packets to a victim’s machine, which could then allow the attacker to run unauthorized code on a system.
Because IGMP is enabled in Windows XP and Vista by default, this bug could be used to create a self-copying worm attack, Microsoft said Tuesday. Windows uses the IGMP protocol for many popular consumer applications such as streaming video, multiplayer games and universal plug-and-play.
Courtsey: PC WorldFiled under Enterprise Software | Tags: Blaster Worm, IGMP, Lies, Vista, Windows XP | Comment Below