2 Microsoft Security Bulletins for January 2008

Microsoft released two security updates for January, rating one of them as critical. Here's a brief description of each update; for more information, go to


MS08-001: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution

The attack vector for this vulnerability is a specially crafted IGMPv3 or MLDv2 packet. The most likely result from an attack leveraging this vulnerability is Denial of Service (DoS), although remote code execution is theoretically possible. This bulletin replaces previous bulletin MS06-032 on all versions of Windows except Vista.

Applies to: Windows 2000, Windows XP, Windows Server 2003, and Windows Vista

Recommendation: You should perform accelerated testing and deployment of this update.

MS08-002: Vulnerability in LSASS Could Allow Local Elevation of Privilege

The attack vector for this exploit is a vulnerability that exists in the way that the Microsoft Windows Local Security Authority Subsystem Service (LSASS) handles local procedure call (LPC) requests. An attacker could leverage this vulnerability to run code and take control of the target computer.

Applies to: Windows 2000, Windows XP, and Windows Server 2003

Recommendation: Test and deploy as a part of your organization’s normal patch management routine.

TAGS: Windows 8
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.