Microsoft announced on Tuesday a serious security flaw that needs to be patched immediately. It affects Windows 2000, XP, and 2003.
Here is the executive summary of the fix:
This critical security update resolves two privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
A more detailed explanation is that a hacker could create a specially crafted ICMP packet, send it to your machine over the internet and cause it to stop responding until you reboot.
In an even more scary scenario a hacker could create a specially crafted IGMP packet and take complete control of your computer!
There are a few ways to prevent this from affecting computers on your network.
1. Have your firewall block multicast traffic (IGMPv3 and MLDv2 specifically), and block ICMP traffic
2. Disable IGMP, and ICMP in the registry:
(IGMP)
-Click Start, click Run, type regedit and then click OK.
-Expand HKEY_LOCAL_MACHINE.
-Expand SYSTEM, expand CurrentControlSet, and then expand Services.
-Expand TCPIP, expand Parameters, and then expand IGMPLevel.
-Change the DWORD value to 0.
(ICMP)
-Click Start, click Run, type regedit and then click OK.
-Expand HKEY_LOCAL_MACHINE.
-Expand SYSTEM, expand CurrentControlSet, and then expand Services.
-Expand TCPIP, expand Parameters, and then expand Interfaces.
-Select interface_name and set the PerformRouterDiscovery value to 0.
3. (Best Option) Install the patches that fix the issue from Windows Update.
This is a serious flaw. I would update your Internet facing machines as soon as possible.
One more thing…Subscribe to my newsletter and get 11 free network administrator tools, plus a 30 page user guide so you can get the most out of them. Click Here to get your free tools