Microsoft kicked off the new year by fixing three vulnerabilities on its first regularly scheduled patch day. The most serious flaw affects the way that Windows systems handle storing the data associated with Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) network requests.
The vulnerability affects both Windows Vista and Windows XP Service Pack 2 and is rated Critical by Microsoft for those operating systems. An attacker could take control of a user’s machine by sending it a specially-crafted IGMP or MLD request, Microsoft stated in its bulletin. "An attacker who successfully exploited this vulnerability could take complete control of an affected system, … (and) could then install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft stated. Microsoft closes a critical network flaw
From around the Web
- Windows Vista Service Pack 2 Latest Release Schedule
- Vista SP2: What is inside?
- NetWitness releases free version of security software
- Three Reasons Why Users Won’t Buy Into Security
- Automated security testing & its limitations
- Google Wants to Preinstall Chrome Browser on PCs
- Mozilla warns of Firefox China add on
- Firefox No Longer an Automatic Defense Against Browser Drive Bys
- Google patches Chrome file stealing bug
- Apple plays catch up, adds anti fraud safeguard to Safari
- Researchers find vulnerability in Windows Vista
- How to Use Network Behavior Analysis Tools
- The insider security threat in IT and financial services
- Windows 7 security: An overall improvement?
- Windows 7 UAC could be less of a nag