Microsoft Security Bulletin - January 2008

Microsoft released the Security Bulletin for January, 2008. In addition to an updated version of of the Microsoft Windows Malicious Software Removal Tool, there was one critical and one important security update released.

Also included in the updates for Windows Vista is Security Advisory 943411. The purpose of this update is to enable Windows Sidebar to block potentially vulnerable gadgets.

Critical:

• MS08-001 -- Vulnerability in TCP(IP)/IGMP that could allow remote code execution. All currently supported versions of Windows are affected.
  

Important:

• MS08-002: Vulnerability in LSASS that could allow local elevation of privilege. Windows 2000, Windows XP and Windows Server 2003 are affected by this update.
  

Although the information is directed toward IT Professionals, the new Security Vulnerability Research & Defense Blog issued an in-depth analysis of MS08-001, linked below.


References:

TechNet:

• Microsoft Security Bulletin for January 2008

MSRC Blog:

• January 2008 Monthly Release

Security Vulnerability Research & Defense Blog:

• MS08-001 - The case of the Moderate, Important, and Critical network vulnerabilities
• MS08-001 (part 2) – The case of the Moderate ICMP mitigations
• MS08-001 (part 3) – The case of the IGMP network critical

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...