Microsoft has released security bulletin MS08-001. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:

•	Home users: http://www.microsoft.com/protect/computer/updates/bulletins/200801.mspx (http://www.microsoft.com/protect/computer/updates/bulletins/200801.mspx) Skip the details: Download the updates for your home computer or laptop from the Microsoft Update Web site now: http://update.microsoft.com/microsoftupdate/ (http://update.microsoft.com/microsoftupdate/)
•	IT professionals: http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx (http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx)

Back to the top

How to receive help and support for this security update

For home users, no-charge support is available by calling 1-866-PCSAFETY in the United States and in Canada or by contacting your local Microsoft subsidiary. For more information about how to contact your local Microsoft subsidiary for security update support issues, visit the International Support Web site: For enterprise customers, support for security updates is available through your usual support contacts.

For more information about the latest service pack for Windows Vista, click the following article number to view the article in the Microsoft Knowledge Base:

Back to the top

Question 1: How can I determine whether IGMP is active?

Answer 1: To determine whether Internet Group Management Protocol (IGMP) is active and listening for multicast traffic, type the following command at a command prompt: For example, you may receive a message that resembles the following:

Interface Addr	Multicast Group
10.1.1.1	224.0.0.1

In this example, 224.0.0.1 represents all hosts on the subnet. In this example, Windows Server 2003 is not vulnerable despite being joined to 224.0.0.1 because Windows Server 2003 ignores IGMP queries to this address. The following is the code that is used.

} else {
// If all-hosts address, ignore it
if (IP_ADDR_EQUAL(IQH->igh_addr, ALL_HOST_MCAST)) {
DEBUGMSG(DBG_WARN && DBG_IGMP,
(DTEXT("Dropping IGMPv3 query for the All-Hosts group\n")));
return;
}

Question 2: How can I determine whether my Windows Server 2003-based computer is vulnerable?

Answer 2: If a Windows Server 2003-based computer joins any multicast group other than 224.0.0.1, the computer is vulnerable to the IGMP attack. To view the multicast groups to which the computer is joined, type the following command at a command prompt: For example, if the WINS component is enabled in Windows Server 2003, you may receive a message that resembles the following:

Interface Addr	Multicast Group
10.1.1.1	224.0.0.1
10.1.1.1	224.0.1.24

In this example, 224.0.1.24 is IP multicast group for WINS. In this configuration, Windows Server 2003 is vulnerable to the IGMP attack if the security update is not installed.

Back to the top