Security
SHARE
Facebook X Pinterest WhatsApp

First ‘Patch Tuesday’ of 2008 Proves Modest

Written By
thumbnail
Andy Patrizio
Andy Patrizio
Jan 8, 2008

Microsoft’s first “Patch Tuesday” of 2008 was fairly unexceptional as the company’s monthly vulnerability fixes go, focusing on two security bulletins, only one of which is labeled “Critical,” the most severe category.

The Critical bulletin, MS08-001, warns of two separate vulnerabilities in the TCP/IP stack used in all versions of Windows.

According to the bulletin, an attacker exploiting the holes could take complete control of an affected system, install new applications, change or delete data or create new accounts with full user rights.

Don Leatham, director of business development for Lumension Security, formerly PatchLink, said this is a fairly serious vulnerability. “The critical patch deals with remote code execution and the vulnerability is at the kernel level,” he wrote in an e-mail to InternetNews.com. “This means that if someone exploits the vulnerability, they could take complete, unlimited control of a machine.”

Leatham said one of the methods that could be used to exploit this vulnerability might be video or audio streams such as IP-based teleconferencing or streaming media.

“We suggest that organizations block IP multicasting at the perimeter firewall and the Vista firewall (which is not an option in XP) while testing and rolling out the patch ASAP,” he wrote.

The second fix, MS08-002, is labeled “important” — less severe, but still a vulnerability that users and admins should address promptly.

The bulletin addresses a problem in the Windows Local Security Authority Subsystem Service (LSASS), which would allow an attacker to run arbitrary code with elevated privileges and take complete control of an affected system.

“We strongly recommend that administrators test and deploy both patches as quickly as possible,” Leatham said.

Microsoft also issued Security Advisory 943411, detailing an update to the Windows Vista Sidebar that offers new protections against malicious widgets inadvertently installed in the Vista Sidebar.

Additionally, as is tradition, Microsoft updated its Malicious Software Removal Tool, this time to recognize the Win32/Cutwail family of Trojans.

Microsoft will hold its usual Webcast to discuss the fixes tomorrow at 11 a.m. Pacific time.

thumbnail
Andy Patrizio

Recommended for you...

thumbnail
Best Internet Security Software
Security
Best Internet Security Software
Devin Partida
Mar 23, 2022
thumbnail
HP Wolf Security Report Shows Threat Landscape Getting Scarier
Security
HP Wolf Security Report Shows Threat Landscape Getting Scarier
Rob Enderle
Oct 15, 2021
thumbnail
Microsoft Gets Rid Of Passwords: I Can Almost Hear Angels Singing
Blog
Microsoft Gets Rid Of Passwords: I Can Almost Hear Angels Singing
Rob Enderle
Sep 17, 2021
thumbnail
The Coming AI Threats We Aren’t Prepared For
Security
The Coming AI Threats We Aren’t Prepared For
Rob Enderle
Aug 27, 2021
Internet News Logo

InternetNews is a source of industry news and intelligence for IT professionals from all branches of the technology world. InternetNews focuses on helping professionals grow their knowledge base and authority in their field with the top news and trends in Software, IT Management, Networking & Communications, and Small Business.

facebook
x

Company

Contact us Advertise with us

Categories

News Enterprise Small Business Reviews Podcasts Blog Research

Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information