Microsoft fixes gaping hole in Windows TCP/IP stack

Summary: An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. Microsoft urges Windows users to treat this update with the utmost priority.

Microsoft has released its November batch of security bulletins with fixes for at least four documented vulnerabilities affecting the Windows operating system.

The updates address remote code execution and denial-of-service issues in all versions of Windows and Microsoft is urging its user base to pay special attention to MS11-083, which covers a gaping hole in the Windows TCP/IP stack.

The raw details, from the bulletin:

A remote code execution vulnerability exists in the Windows TCP/IP stack due to the processing of a continuous flow of specially crafted UDP packets. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Because of the "critical" nature of this update, Microsoft is urging Windows users and administrators to treat MS11-083 with the utmost priority.
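For a kernel-mode bug reachable from the network, the first two questions an administrator asks are whether the bulletin's update is actually on the box and whether the host firewall is enforcing on every profile. The script below is an added example for this page, not code from the article or from Microsoft; the KB number it carries is an assumption for illustration and should be taken from the MS11-083 bulletin itself. It is written for the PowerShell 2.0 that shipped with Windows 7, so it avoids `[pscustomobject]` and the later `Get-NetFirewallProfile` cmdlet and parses `netsh` instead.

```powershell
# Added example for this page, not code from the article or from Microsoft.
# Two host-side checks an administrator runs when a kernel-mode bug is
# reachable from the network: is the bulletin's update present, and is the
# Windows Firewall on for every profile, so unsolicited UDP is dropped before
# it reaches a listener. The KB number is an assumption used for illustration;
# take the authoritative one from the MS11-083 bulletin. Targets the
# PowerShell 2.0 that shipped with Windows 7 (no [pscustomobject], no
# Get-NetFirewallProfile).
$Ms11083Update = 'KB2588516'   # assumed; confirm against the bulletin text

function Test-UpdateInstalled {
    param(
        [Parameter(Mandatory = $true)] [string] $KB,
        [string] $ComputerName = $env:COMPUTERNAME
    )
    $report = @{ Computer = $ComputerName; KB = $KB; Installed = $null;
                 InstalledOn = $null; Error = $null }
    try {
        # Enumerate once and filter locally: Get-HotFix -Id raises an error
        # when the ID is absent, and "absent" is a result we want as data.
        $hits = @(Get-HotFix -ComputerName $ComputerName -ErrorAction Stop |
                  Where-Object { $_.HotFixID -eq $KB })
        $report.Installed = ($hits.Count -gt 0)
        if ($hits.Count -gt 0) { $report.InstalledOn = $hits[0].InstalledOn }
    } catch {
        # Unreachable host or access denied: report it rather than letting it
        # read as "not installed".
        $report.Error = $_.Exception.Message
    }
    New-Object PSObject -Property $report
}

function Get-FirewallState {
    # Parses "netsh advfirewall show allprofiles state". netsh output is
    # localised, so the patterns below assume an English-language Windows.
    $current = $null
    $state   = @{}
    foreach ($line in (netsh advfirewall show allprofiles state)) {
        if ($line -match '^(\w+) Profile Settings:') {
            $current = $Matches[1]                     # Domain, Private, Public
        } elseif ($current -and $line -match '^State\s+(ON|OFF)\s*$') {
            $state[$current] = ($Matches[1] -eq 'ON')
        }
    }
    $state
}

# Usage:
#   Test-UpdateInstalled -KB $Ms11083Update | Format-List
#   Test-UpdateInstalled -KB $Ms11083Update -ComputerName 'fileserver01' | Format-List
#   Get-FirewallState          # e.g. @{Domain=True; Private=True; Public=False}
```

Treat the firewall result as exposure reduction, not as the fix: the bulletin text above says only that the bug is triggered by a flow of crafted UDP packets, not where in the stack it sits, so whether host filtering stops the packets before the affected code is not something this page lets you conclude. The update is the fix; the firewall check tells you how many hosts are accepting unsolicited UDP from arbitrary sources while you roll it out.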

follow Ryan Naraine on twitter

The company also fixed a serious vulnerability in Windows Mail and Windows Meeting Space that exposes users to DLL-preloading attacks: opening a legitimate-looking file from an attacker-controlled network share or WebDAV location causes the application to load a malicious DLL placed beside it.

Some basic details via the MS11-085 bulletin:

The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application.

Microsoft expects to see functional exploit code for this vulnerability within the next 30 days (an Exploitability Index rating of 1, "consistent exploit code likely").
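The bulletin text above describes a generic DLL-preloading scenario: the application searches the current working directory, which happens to be the attacker's share, before finding the DLL it wanted. Microsoft has a system-wide knob for exactly that search-order behaviour, the `CWDIllegalInDllSearch` registry value documented in KB2264107, and the WebDAV half of the attack depends on the WebClient service. The script below, an added example and not code from the article or the MS11-085 bulletin, audits both and can apply the hardening; the registry path, value name and value meanings are Microsoft's, while the function names and the `-Level` parameter are this example's own. The value only has effect on systems that already carry the KB2264107 update, and writing it needs an elevated shell.

```powershell
# Added example for this page, not code from the article or from Microsoft's
# MS11-085 bulletin. Audits, and with Set-DllPreloadMitigation applies, the
# system-wide DLL search-order hardening Microsoft documents in KB2264107
# (the CWDIllegalInDllSearch registry value), and reports the WebClient service
# that gives Windows its WebDAV client. The registry path, value name and value
# meanings are Microsoft's; the function names and the Level parameter are this
# example's own. The value only takes effect on systems that carry the
# KB2264107 update; writing it requires an elevated shell. PowerShell 2.0 safe.
$SessionManager = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$ValueName      = 'CWDIllegalInDllSearch'

# Documented values: LoadLibrary stops searching the current working
# directory when that directory is ...
$Levels = @{
    WebDav = 1            # ... a WebDAV folder
    Remote = 2            # ... a WebDAV folder or any remote (UNC) share
    All    = 4294967295   # ... anywhere (0xFFFFFFFF): CWD leaves the search order
}

function Get-DllPreloadPosture {
    $item = Get-ItemProperty -Path $SessionManager -Name $ValueName -ErrorAction SilentlyContinue
    $raw  = if ($item) { $item.$ValueName } else { $null }
    # Absent or 0 is the default, vulnerable behaviour. A REG_DWORD of
    # 0xFFFFFFFF reads back as Int32 -1, so mask it to an unsigned value.
    $value = if ($null -eq $raw) { 0 } else { [int64]$raw -band 0xFFFFFFFF }
    $level = 'Default'
    foreach ($entry in $Levels.GetEnumerator()) {
        if ($entry.Value -eq $value) { $level = $entry.Key }
    }

    # WebClient is the WebDAV redirector; stopped and disabled removes the
    # WebDAV path entirely (SMB shares are still reachable).
    $svc       = Get-WmiObject -Class Win32_Service -Filter "Name='WebClient'"
    $webState  = if ($svc) { $svc.State } else { 'NotPresent' }
    $webStart  = if ($svc) { $svc.StartMode } else { $null }

    New-Object PSObject -Property @{
        Computer              = $env:COMPUTERNAME
        CWDIllegalInDllSearch = $value
        Level                 = $level
        # Below 'Remote', a DLL planted beside the .eml on an attacker's share
        # or WebDAV folder is still eligible to load.
        BlocksRemoteShare     = ($value -eq 2 -or $value -eq 4294967295)
        WebClientState        = $webState
        WebClientStartMode    = $webStart
    }
}

function Set-DllPreloadMitigation {
    param([ValidateSet('WebDav', 'Remote', 'All')] [string] $Level = 'Remote')
    $desired = [int64]$Levels[$Level]
    # Registry DWORDs are written through Int32; -1 is the bit pattern of
    # 0xFFFFFFFF, so wrap values above Int32.MaxValue instead of overflowing.
    if ($desired -gt [int32]::MaxValue) { $dword = [int32]($desired - 4294967296) }
    else                                { $dword = [int32]$desired }
    Set-ItemProperty -Path $SessionManager -Name $ValueName -Value $dword -Type DWord
    Get-DllPreloadPosture
}

# Usage:
#   Get-DllPreloadPosture | Format-List
#   Set-DllPreloadMitigation -Level Remote    # elevated shell
```

`Remote` (2) is the sensible floor for the scenario the bulletin describes, since it covers both the WebDAV and the SMB share variants without touching local DLL loading; `All` is stricter and can break legacy applications that rely on loading helpers from their working directory, so test it before pushing it fleet-wide. Neither setting replaces the MS11-085 update.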

The November Patch Tuesday batch also contains fixes for a privilege escalation flaw in Active Directory (MS11-086) and a vulnerability in Windows kernel mode drivers (MS11-084) that could allow denial-of-service attacks.

Topics: Security, Microsoft, Networking, Operating Systems, Software, Windows

Talkback

32 comments
  • RE: Microsoft fixes gaping hole in Windows TCP/IP stack

    I love this site. Every security patch fixes a 'Gaping Hole'. Seems like MacOSX and Windows are 'Swiss Cheese' and a glass house with no glass.
    DreyerSmit
    • Agreed. Most of the hyperbole is over the top, especially

      when he talks about OS X. However, don't underestimate the severity of the TCP/IP stack hole. This is the kind of security exploit Windows is famous for. No social engineering, just turn on the computer, connect to the internet and you can be pwned. This is the SECOND such exploit Windows 7 has had. The last one was a hole in their bluetooth stack. Go to starbucks, turn on your laptop and every computer within 60 feet could potentially pwn your system without you knowing it.
      baggins_z
      • Not an exploit, a vulnerability

        @baggins_z

        There has never been any successful 'exploit' of the Bluetooth error that I am aware of, only a vulnerability that was patched before an exploit entered the wild. If you are aware of an exploit, some documentation would be nice.
        Doctor Demento
      • Not an exploit, a vulnerability

        Triple post error
        Doctor Demento
      • Not an exploit, a vulnerability

        triple post error
        Doctor Demento
      • Security hole vs. exploit.

        You can't have the second without the first, so, yeah, it's still very serious.
        baggins_z
      • RE: Microsoft fixes gaping hole in Windows TCP/IP stack

        @baggins_z

        When will a hacker engaged in illegal activity exploiting vulnerabilities ever go out of his/her way to document an exploit for you?
        laugher
  • Why is it that so much stuff has access to kernel mode?

    Why? Please note, that's an exasperated "why" not one that even begins to want to know why!
    ego.sum.stig
    • RE: Microsoft fixes gaping hole in Windows TCP/IP stack

      @ego.sum.stig@... Really, where do you want the network stack to run, in user mode? Maybe have one stack for every process?
      WHY don't you learn basic OS design and concepts, that's an exasperated "why"
      TGGR
      • RE: Microsoft fixes gaping hole in Windows TCP/IP stack

        @TardHugger@...

        When they STOLE the code from BSD,
        maybe they should have implemented it as BSD did.
        Hence Windows only problem, again.
        Return_of_the_jedi
      • Completely irrelevant to his point.

        @Return_of_the_jedi: [i]When they STOLE the code from BSD, maybe they should have implemented it as BSD did.[/i]

        You failed to address his point. Perhaps because of the following statement of his is obviously accurate:

        "WHY don't you learn basic OS design and concepts, that's an exasperated "why"
        ye
      • RE: Microsoft fixes gaping hole in Windows TCP/IP stack

        @Return_of_the_jedi wrote:
        "When they STOLE the code from BSD, maybe they should have implemented it as BSD did.

        I've seen various postings on the internet that Microsoft both did and did not use the TCP/IP stack from BSD in Windows. If they indeed did use it, they did not steal it as BSD has a permissive license.

        If one wants to be sure they are using a BSD port of ipfw, then they can download, install and configure wipfw from here:

        http://wipfw.sourceforge.net/index.html
        Rabid Howler Monkey
      • RE: Microsoft fixes gaping hole in Windows TCP/IP stack

        @Return_of_the_jedi

        Do a little research on the HUNDREDS of security problems that have been found in Unix BIND over the years
        mswift@...
      • Because?

        Maybe you perhaps missed the key word "stuff." I suggest glasses and an attitude adjustment. That and as far as your supposed superior knowledge on OS design, well, no. Now tootle along and get angry at someone else who might (if you're really lucky) choose to compare you unfavourably to curdled milk.
        ego.sum.stig
  • This is the type of security hole that Windows is

    famous for. A TCP/IP stack exploit means you turn on your computer, you connect to the internet, and DOING NOTHING ELSE, you can get potentially pwned.
    baggins_z
    • Not really.

      @baggins_z: [i]This is the type of security hole that Windows is famous for.[/i]

      As you said above...it's only the second such type of vulnerability in two years. Hardly an earth shattering record.
      ye
    • Happened to me once

      @baggins_z
      And it was a Windows box (a laptop running Windows XP, to be exact) it happened to. Very scary.

      Response to ChoMo:

      Positive. I don't remember the exact nature of the malware installed (it literally happened within minutes of booting up the machine), but I had to completely reinstall Windows from scratch that night (this was about 8 years ago).

      Reply to PollyProteus:

      Thanks for dating it. SP1 worked just fine for me. This happened right *before* SP2 was released.
      John L. Ries
      • RE: Microsoft fixes gaping hole in Windows TCP/IP stack

        @John L. Ries
        Are you sure it wasn't a "user" virus?
        ChoMlo
      • RE: Microsoft fixes gaping hole in Windows TCP/IP stack

        @John L. Ries - Eight years ago would have been around the Windows XP SP1 time frame and I'm pretty sure it was something else as I remember having to flatten new machines, install off the network, enable the Windows firewall and then connect to the network. Not a happy experience and it took IT months to finally squash it.
        PollyProteus
    • RE: Microsoft fixes gaping hole in Windows TCP/IP stack

      @baggins_z Are UDP packets allowed by routers on the internet?
      TGGR