|
Brought to you by:
Suppliers of:
|
|
|
| |
This security update resolves two privately reported vulnerabilities in the Pragmatic General Multicast (PGM) protocol that could allow a denial of service if malformed PGM packets are received by an affected system. An attacker who successfully exploited this vulnerability could cause a user s system to become non-responsive and to require a restart to restore functionality. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests.
This security update is rated Important for all supported editions of Windows XP and Windows Server 2003 and rated Moderate for all supported editions of Windows Vista and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section. |
| |
Credit:
The information has been provided by Microsoft Product Security.
The original article can be found at: http://www.microsoft.com/technet/security/bulletin/ms08-036.mspx
|
| |
Affected Software:
* Windows XP Service Pack 2 - Denial of Service - Important - MS06-052
* Windows XP Service Pack 3 - Denial of Service - Important - None
* Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 - Denial of Service - Important - None
* Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 - Denial of Service - Important - None
* Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 - Denial of Service - Important - None
* Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems - Denial of Service - Important - None
* Windows Vista and Windows Vista Service Pack 1 - Denial of Service - Moderate - None
* Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1 - Denial of Service - Moderate - None
* Windows Server 2008 for 32-bit Systems* - Denial of Service - Moderate - None
* Windows Server 2008 for x64-based Systems* - Denial of Service - Moderate - None
* Windows Server 2008 for Itanium-based Systems - Denial of Service - Moderate - None
*Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option. For more information on this installation option, see Server Core. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008; see Compare Server Core Installation Options.
Non-Affected Software:
* Windows 2000 Service Pack 4
PGM Invalid Length Vulnerability - CVE-2008-1440
A denial of service vulnerability exists in implementations of the Pragmatic General Multicast (PGM) protocol on Microsoft Windows XP and Windows Server 2003. The vulnerability is due to improper validation of specially crafted PGM packets. An attacker who successfully exploited this vulnerability could cause the computer to become non-responsive and require a restart to restore functionality.
CVE Information:
CVE-2008-1440
PGM Malformed Fragment Vulnerability - CVE-2008-1441
A denial of service vulnerability exists in implementations of the Pragmatic General Multicast (PGM) protocol on Microsoft Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. The protocol s parsing code does not properly validate specially crafted PGM fragments and will cause the affected system to become non-responsive until the attack has ceased.
CVE Information:
CVE-2008-1441
|
|
|
|
|
