Microsoft released its first set of fixes for 2008, patching a critical flaw in the Windows operating system that it says could be used by criminals to create a self-copying computer worm attack.

Excerpt from PC World:

The critical bug lies in the way Windows processes networking traffic that uses IGMP (Internet Group Management Protocol) and MLD (Multicast Listener Discovery) protocols, which are used to send data to many systems at the same time. Microsoft says that an attacker could send specially crafted packets to a victim’s machine, which could then allow the attacker to run unauthorized code on a system.

IGMP is enabled by default on both Windows Vista and Windows XP. Windows uses the IGMP protocol for many popular consumer applications, such as multiplayer games and universal plug-and-play. However, the protocol is usually blocked at the router.

The patch applies to Microsoft Vista, XP, 2003 Server, and the 2000 versions of Windows.

Additional reading: