Microsoft patches a critical flaw in the Windows operating system that could be used by criminals to create a self-copying computer worm attack.
The software vendor released its first set of patches for 2008 on Tuesday, fixing a pair of networking flaws in the Windows kernel. Microsoft also released a second update for a less-serious Windows flaw that would allow attackers to steal passwords or run Windows software with elevated privileges.
The critical bug lies in the way Windows processes networking traffic that uses IGMP (Internet Group Management Protocol) and MLD (Multicast Listener Discovery) protocols, which are used to send data to many systems at the same time. Microsoft says that an attacker could send specially crafted packets to a victim’s machine, which could then allow the attacker to run unauthorized code on a system.
Because IGMP is enabled in Windows XP and Vista by default, this bug could be used to create a self-copying worm attack, Microsoft said Tuesday. Windows uses the IGMP protocol for many popular consumer applications such as streaming video, multiplayer games and universal plug-and-play.
Courtsey: PC World
Filed under
Enterprise Software | Tags:
Blaster Worm,
IGMP,
Lies,
Vista,
Windows XP | Comment Below
Related?
Conficker Worm May Hit Badly on April Fool's DayMarch 16th, 2009 As per Security firm F-Secure, already 9 million PCs have already been hit by the worm Conficker/Downadup. IT management firm CA further predicts that it may hit back on April Fool's day in a big way.
New Attack on IE7 Security Flaw is DetectedFebruary 18th, 2009 Microsoft recently announced fixes to address a critical security flaw that allows malicious web site to install Malware to an infected PC. The malware affects those Pc's that are running Excahnge and SQL Server.
The Latest Worm, Conficker or Downadup, Hit Millions of Computers WorldwideJanuary 25th, 2009 Conficker or Downadup, the fastest growing computer worm hit the internet, affecting millions of computers across the world, as per security expert. It takes advantage of windows vulnerability and spread by guessing the PC administrative password on net or by means of USB drive.
Oracle, Microsoft, RIM Released Impotant PatchesJanuary 13th, 2009 Oracle is supposed to release the update of critical patches on Tuesday. It includes 41 security patches in its database and enterprise software products.
Beware! The New Facebook Worm Turns Your Computer to a ZombieDecember 7th, 2008 As per Facebook, hackers have released new worm by the name Koobface that surfaced on Friday. The program is passing through a message that requests the audience to watch a video.
DNS Bug is Fixed to Patch the InternetJuly 9th, 2008 Makers of the software used to connect computers on the Internet collectively released software updates Tuesday to patch a serious bug in one of the Internet's underlying protocols, the Domain Name System (DNS). The bug was discovered "by complete accident," by Dan Kaminsky, a researcher with security vendor IOActive.
Apple's DNS Server still VulnerableAugust 4th, 2008 Apple released patches for 17 different flaws of its Mac OS X server. But, as per latest research the patch didn't do anything.
Conspiracy Theory Behind the Cut of UnderSea CableFebruary 6th, 2008 First a ship’s anchor cut into two high-priority cables — Flag Telecom’s Europe-Asia cable and the consortium-owned SEA-ME-WE 4 system. That pretty seriously damaged communications in the Middle East and choked traffic to India.
