Worst Windows bug ever? Remote Command Execution in Windows TCP/IP stack leads to kernel level access
What we've been waiting for has finally been published. A remote command execution flaw in the windows tcp/ip stack yielding kernel level access in all versions of windows. From microsoft's advisory
"This critical security update resolves two privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
This killer was discovered by Alex Wheeler of ISS's X-Force team which has published some additional information on their blog.
X-Force Advisory: http://xforce.iss.net/xforce/alerts/id/282
InfoWorld Article: http://www.infoworld.com/article/08/01/08/Microsoft-flaw-could-lead-to-worm-attack_1.html
Article Link: http://www.microsoft.com/technet/security/Bulletin/MS08-001.mspx