Microsoft has issued a new security bulletin warning users of a critical vulnerability in the TCP software built into Windows 2000, Windows Server 2003, Windows XP, and Windows Vista that could enable attackers to take over or destroy the computers. The TCP/IP protocol is one of the fundamental building blocks of Internet services; the vulnerability has to do with the way Windows processes ICMP and multicast requests.
The vulnerabilities were discovered and reported privately to Microsoft from Alex Wheeler and Ryan Smith of the IBM Internet Security Systems X-Force.
Microsoft has released a patch via Microsoft Update that changes the way the Windows kernel processes TCP multicast and ICMP requests. Due to the enormous number of systems worldwide exposed to this vulnerability and the potential threat it brings, Microsoft is recommending Windows users apply the patch as soon as possible.
