JPCERT-AT-2008-0001 JPCERT/CC January 9, 2008 <<< JPCERT/CC Alert 2008-01-09 >>> Jan 2008 Microsoft Security Bulletin (including one critical patch) http://www.jpcert.or.jp/at/2008/at080001.txt I. Overview Microsoft has released security bulletins for January 2008 which include one "Critical" security update. Vulnerabilities of IGMPv3/MLDv2 used for IPv4/IPv6 multicast and Router Discovery Protocol used to discover IPv4 routers have been announced. Exploitation of these vulnerabilities could allow a remote attacker to cause a Denial of Service (DoS) condition or execute arbitrary code. Security Bulletin for January 2008 http://www.microsoft.com/japan/technet/security/bulletin/ms08-jan.mspx Detailed information on this vulnerability is available from the following URL: [Critical Security Updates] MS08-001 Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644) http://www.microsoft.com/japan/technet/security/bulletin/ms08-001.mspx II. Solution Apply the security updates immediately by using Microsoft Update or Windows Update. Microsoft Update https://www.update.microsoft.com/ Windows Update https://windowsupdate.microsoft.com/ III. Reference Information Security Bulletin for January 2008 http://www.microsoft.com/japan/technet/security/bulletin/ms08-jan.mspx US-CERT Technical Cyber Security Alert TA08-008A Microsoft Updates for Multiple Vulnerabilities http://www.us-cert.gov/cas/techalerts/TA08-008A.html US-CERT Vulnerability Note (search by ms08-jan) http://www.kb.cert.org/vuls/byid?searchview&query=ms08-jan @police About Microsoft security updates (MS08-001, 002) (January 9) http://www.cyberpolice.go.jp/important/2008/20080109_070834.html If you have any information regarding this matter, please contact us. ====================================================================== JPCERT Coordination Center (JPCERT/CC) MAIL: info@jpcert.or.jp TEL: 03-3518-4600 FAX: 03-3518-4602 http://www.jpcert.or.jp/