Microsoft released its first set of fixes for 2008, patching a critical flaw in the Windows operating system that it says could be used by criminals to create a self-copying computer worm attack.
The critical bug lies in the way Windows processes networking traffic that uses IGMP (Internet Group Management Protocol) and MLD (Multicast Listener Discovery) protocols, which are used to send data to many systems at the same time. Microsoft says that an attacker could send specially crafted packets to a victim's machine, which could then allow the attacker to run unauthorized code on a system.
IGMP is enabled by default on both Windows Vista and Windows XP. Windows uses the IGMP protocol for many popular consumer applications, such as multiplayer games and universal plug-and-play. However, the protocol is usually blocked at the router.
The patch applies to Microsoft Vista, XP, 2003 Server, and the 2000 versions of Windows.
- Microsoft starts '08 by patching 3 bugs (ComputerWorld)
- Critical TCP/IP worm hole dings Windows Vista (eWeek)
- Microsoft patches flaw that could trigger worm attack (PC World)
Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.