Computer Help Community

Community

Cyber Tech Help Community

New Tutorials

More Tutorials
PC Tutorials

New Downloads

More Downloads
PC Downloads

Member Testimonials

Open Member Quote   I for one would like to say a word of appreciation and thanks to the moderators who help so many people on this forum. I would also like to remind all you people who post your urgent problems on any of the forums that it only takes a minute to say "thank you" to the person who helps you resolve your problem. I know how very frustrating it is to follow a problem until it is (presumably) resolved and then have the person who posed the problem disappear without any acknowledgement of having been helped. Think how you would feel is you had invested your time and your expertise in helping someone and they didn't even say "thank you." - jayt  Close Member Quote
Member Testimonials
MY CYBER TECH HELP

LATEST TOPICS

Tech Help Community

Free Antivirus Scan

Free Virus Scan and a listing of the top 10 viruses in the wild - Free Antivirus Scan
Free Online Antivirus Scan

File Extension Database

Find what program a filetype belongs to in our searchable File Extension Database.
File Extension Database

Services

See what services Cyber Tech Help can offer your business or website: CTH Services
CTH Services

Related MS Links

Related Links
Cyber Tech Help Community

To the top of the page to top

 



Microsoft issues out-of-cycle fix for critical Windows RPC fault

Latest News Latest News | News ArchiveNews Archive | Cyber Tech Help News RSS Feed!

Microsoft issues out-of-cycle fix for critical Windows RPC faultMicrosoft issues out-of-cycle fix for critical Windows RPC fault

Posted by: Tweaker
Date added: 23:36, 9th January 2008 GMT
Source: Beta News

Microsoft

A division of IBM involved with security research is being credited for having discovered a seriously exploitable vulnerability in both Windows XP and Windows Vista. The subject this time around deals with two critical components used by the TCP/IP stack: Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) for IPv6, the latter applying only to Vista.

Neither of these components have been immune to vulnerabilities in the past, though the implication from both IBM and Microsoft today was that this particular exploit, discovered by ISS last August, may in fact be somewhat novel in its approach.

The basic concept is not new, though: Intentionally malformed packets for Source Specific Multicasting for MLD, or similarly malformed packets for IGMP, can trigger the TCP/IP kernel driver to execute arbitrary code. As if to drum the issue home, an ISS advisory stated that theoretically such arbitrary code could come in from the outside, and could potentially be one of the many variants of the dreaded Storm Worm.

Just the mention of that sends shivers through the security community, which is why some security engineering firms today issued press releases saying their products already protect against this vulnerability because they can detect the Storm Worm. Such is likely not the case.

"An attacker does not need to invoke any kind of user interaction to exploit this vulnerability," reads an ISS bulletin updated this morning. "The lack of user interaction, widespread availability of the protocols, and the possibility of complete compromise of targeted systems means that administrators should treat this vulnerability as highly critical."

Tools:  Tools: Post a comment | Link to this news item | Send to a friend | Submit News

 

Post a commentPost a comment

Error: You are not logged in.

In order to leave comments to news articles you must be a Cyber Tech Help Member.

Registration is completely free!  Register to become a member!  Register to become a member

Along with access to leave comments to news articles you will be able to ask any computing questions you might have on the Cyber Tech Help Forums.

 

[ To the top of the page To top | Latest News Latest News | News Archive News Archive | Cyber Tech Help News RSS Feed! ]