January 8, 2008Microsoft released the January Security Update on January 8, 2008. Two bulletins were released that address three individual vulnerabilities. Microsoft rated one bulletin as Critical and the other as Important; both bulletins address Microsoft Windows products. The Critical vulnerability could allow a remote attacker to execute arbitrary code, but an exploit requires that an attacker can send multicast IGMPv3 or MLDv2 traffic to an affected system. Microsoft released information on two Important vulnerabilities that may allow attackers to cause a denial of service or gain elevated privileges.
|
| Microsoft Security Bulletin | Affected Product | Cisco IntelliShield Alert | CVE ID  |
Cisco IPS Signature | CVSS Base Score |
|---|---|---|---|---|---|
|
Microsoft Security Bulletin MS08-001 Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution |
Microsoft Windows Microsoft Windows XP Professional Microsoft Windows Server Microsoft Windows Vista |
Microsoft Windows Kernel IGMP and MLD Code Execution Vulnerability | CVE-2007-0069 | 6224/0 |
9.3 |
| Microsoft Windows Kernel ICMP Router Discovery Protocol Denial of Service Vulnerability | CVE-2007-0066 | 6755/0 |
5.7 | ||
|
Microsoft Security Bulletin MS08-002 Vulnerability in LSASS Could Allow Local Elevation of Privilege |
Microsoft Windows Microsoft Windows XP Professional Microsoft Windows Server |
Microsoft Windows LSASS Privilege Escalation Vulnerability | CVE-2007-5352 | – |
6.6 |