[Beerman]

Patch info
Microsoft on Tuesday delivered one “critical” addressing two vulnerabilities in XP and Vista and one “important” vulnerability in Windows 2000, XP and Windows Server 2003.

The critical patch resolves two vulnerabilities (CVE-2007-0069 and CVE-2007-0066) reported by IBM ISS X-Force. The vulnerability, which involved TCP/IP processing, was critical in XP and Vista, important for Windows Server 2003 and moderate for Windows 2000.

Microsoft says the first vulnerability allowed an “attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

The flaw in XP and Vista could lead to a remote code execution worm. As for the technical details of the vulnerability Microsoft said the following:

A remote code execution vulnerability exists in the Windows kernel due to the way that the Windows kernel handles TCP/IP structures storing the state of IGMPv3 and MLDv2 queries. Supported editions of Microsoft Windows XP, Windows Server 2003, and Windows Vista all support IGMPv3. In addition to IGMPv3, Windows Vista supports MDLv2, which adds multicast support for IPv6 networks. An anonymous attacker could exploit the vulnerability by sending specially crafted IGMPv3 and MLDv2 packets to a computer over the network.

The second patch takes care of a vulnerability (CVE-2007-5352) that allows an attacker to run “arbitrary code with elevated privileges.” The update is deemed important for Windows 2000, XP and Server 2003. As for the technical details, Microsoft said:

An elevation of privilege vulnerability exists in the Microsoft Windows Local Security Authority Subsystem Service (LSASS) due to its improper handling of local procedure call (LPC) requests.

Separately, Microsoft issued a security advisory for Windows Sidebar. Microsoft is updating Windows Sidebar to block gadgets from running.