MS08-001: Vulnerability in TCP/IP could allow remote code execution

Article ID: 941644 - View products that this article applies to.
Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 (SP2). For more information, refer to this Microsoft web page: Support is ending for some versions of Windows
(http://windows.microsoft.com/en-us/windows/help/end-support-windows-xp-sp2-windows-vista-without-service-packs)
.
Expand all | Collapse all

On This Page

INTRODUCTION

Microsoft has released security bulletin MS08-001. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update
(http://support.microsoft.com/ph/6527)


Security solutions for IT professionals: TechNet Security Troubleshooting and Support
(http://technet.microsoft.com/security/bb980617.aspx)


Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center
(http://support.microsoft.com/contactus/cu_sc_virsec_master)


Local support according to your country: International Support
(http://support.microsoft.com/common/international.aspx)




For more information about the latest service pack for Windows Vista, click the following article number to view the article in the Microsoft Knowledge Base:
935791
(http://support.microsoft.com/kb/935791/ )
How to obtain the latest Windows Vista service pack
Back to the top | Give Feedback

More information

Question 1: How can I determine whether IGMP is active?

Answer 1: To determine whether Internet Group Management Protocol (IGMP) is active and listening for multicast traffic, type the following command at a command prompt:
netsh int ip show joins
For example, you may receive a message that resembles the following:
Collapse this tableExpand this table
Interface AddrMulticast Group
10.1.1.1 224.0.0.1
In this example, 224.0.0.1 represents all hosts on the subnet. In this example, Windows Server 2003 is not vulnerable despite being joined to 224.0.0.1 because Windows Server 2003 ignores IGMP queries to this address. The following is the code that is used. 
} else {
// If all-hosts address, ignore it
if (IP_ADDR_EQUAL(IQH->igh_addr, ALL_HOST_MCAST)) {
DEBUGMSG(DBG_WARN && DBG_IGMP,
(DTEXT("Dropping IGMPv3 query for the All-Hosts group\n")));
return;
}
Question 2: How can I determine whether my Windows Server 2003-based computer is vulnerable?

Answer 2: If a Windows Server 2003-based computer joins any multicast group other than 224.0.0.1, the computer is vulnerable to the IGMP attack. To view the multicast groups to which the computer is joined, type the following command at a command prompt:
netsh int ip show joins
For example, if the WINS component is enabled in Windows Server 2003, you may receive a message that resembles the following:
Collapse this tableExpand this table
Interface AddrMulticast Group
10.1.1.1 224.0.0.1
10.1.1.1 224.0.1.24
In this example, 224.0.1.24 is IP multicast group for WINS. In this configuration, Windows Server 2003 is vulnerable to the IGMP attack if the security update is not installed.
Back to the top | Give Feedback

Properties

Article ID: 941644 - Last Review: July 18, 2012 - Revision: 5.0
Applies to
  • Microsoft Windows Server 2003 Service Pack 1, when used with:
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 Service Pack 2, when used with:
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows XP Service Pack 2, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Home Basic
  • Windows Vista Ultimate
  • Windows Vista Home Premium
  • Windows Vista Business 64-bit Edition
  • Windows Vista Enterprise 64-bit Edition
  • Windows Vista Home Basic 64-bit Edition
  • Windows Vista Home Premium 64-bit Edition
  • Windows Vista Ultimate 64-bit Edition
  • Windows Home Server
  • Microsoft Windows Small Business Server 2003 R2 Standard Edition
  • Microsoft Windows Small Business Server 2003 R2 Premium Edition
  • Microsoft Windows Small Business Server 2003 Standard Edition
  • Microsoft Windows Small Business Server 2003 Premium Edition
Keywords: 
kbvistasp1fix kbexpertiseinter kbexpertisebeginner kbqfe kbsecurity kbsecbulletin kbsecvulnerability kbbug kbfix KB941644
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top