Update Protection against Microsoft Windows Kernel TCP/IP IGMPv3 Vulnerability (MS08-001)
| Check Point Reference: | CPAI-2008-005 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Microsoft Security Bulletin MS08-001 | |
| Industry Reference(s): | CVE-2007-0069 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Microsoft Windows XP SP2 Microsoft Windows XP Professional x64 Edition Microsoft Windows XP Professional x64 Edition SP2 Microsoft Windows Server 2003 SP1/SP2 Microsoft Windows Server 2003 x64 Edition Microsoft Windows Server 2003 SP1/SP2 for Itanium-based Systems Microsoft Windows Vista Microsoft Windows Vista x64 Edition | ||
| Vulnerability Description A remote code execution vulnerability exists in Windows TCP/IP. A remote attacker can exploit the vulnerability by sending specially crafted IGMPv3 packets to a computer over the network. An attacker who successfully exploited this vulnerability could take complete control of an affected system. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS08-001 |
|
|
Vulnerability Details This vulnerability is due to an error in the way Windows kernel handles TCP/IP structures storing the state of IGMPv3 queries. A remote attacker could exploit this issue via specially crafted IGMPv3 packets sent to the vulnerable interface. Successful exploitation of this vulnerability could allow a remote code execution on the affected system. |
Protection Overview
By enabling this protection, SmartDefense will detect and block IGMPv3 queries attempting to exploit this vulnerability.
In order for the protection to be activated, update your VPN-1/InterSpect/Connectra/IPS-1 product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.