Microsoft released two security updates for January, rating one of them as critical. Here's a brief description of each update; for more information, go to
http://www.microsoft.com/technet/security/bulletin/ms08-jan.mspx
MS08-001: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution
The attack vector for this vulnerability is a specially crafted IGMPv3 or MLDv2 packet. The most likely result from an attack leveraging this vulnerability is Denial of Service (DoS), although remote code execution is theoretically possible. This bulletin replaces previous bulletin MS06-032 on all versions of Windows except Vista.
Applies to: Windows 2000, Windows XP, Windows Server 2003, and Windows Vista
Recommendation: You should perform accelerated testing and deployment of this update.
MS08-002: Vulnerability in LSASS Could Allow Local Elevation of Privilege
The attack vector for this exploit is a vulnerability that exists in the way that the Microsoft Windows Local Security Authority Subsystem Service (LSASS) handles local procedure call (LPC) requests. An attacker could leverage this vulnerability to run code and take control of the target computer.
Applies to: Windows 2000, Windows XP, and Windows Server 2003
Recommendation: Test and deploy as a part of your organization’s normal patch management routine.
Register
