« Calling all Web Hacks of 2007 | Main | Coined Buzzword of the week: Cross Site Printing »

Worst Windows bug ever? Remote Command Execution in Windows TCP/IP stack leads to kernel level access

What we've been waiting for has finally been published. A remote command execution flaw in the windows tcp/ip stack yielding kernel level access in all versions of windows. From microsoft's advisory

"This critical security update resolves two privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

This killer was discovered by Alex Wheeler of ISS's X-Force team which has published some additional information on their blog.

X-Force Advisory: http://xforce.iss.net/xforce/alerts/id/282
InfoWorld Article: http://www.infoworld.com/article/08/01/08/Microsoft-flaw-could-lead-to-worm-attack_1.html
Article Link: http://www.microsoft.com/technet/security/Bulletin/MS08-001.mspx


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!