On November 8, a security bulletin was posted to the Microsoft Security TechCenter website. The bulletin, MS11-083, concerns a flaw in the way certain UDP packets are handled in the native Windows TCP/IP stack. The vulnerability is marked “Critical” because it could potentially open up a computer to remote code execution, and it affects Windows 7, Windows Vista, and Windows Server 2008. However, the bulletin does not provide much information about the supposed security flaw. We will have to examine a relevant post to the Microsoft Security Research & Defense blog to determine the extent of this vulnerability.
“Assessing the exploitability of MS11-083” reveals the details of the security hole. The idea is as follows: if enough UDP packets are flooded to a closed port on a Windows host, it could cause an integer overflow in the reference counter in a part of the TCP/IP stack. Should such an overflow occur, the memory for the counter will be erroneously freed by the operating system. This could result in a crash of the operating system. It could also, in a worst-case scenario, cause the operating system to reference memory which has been overwritten with arbitrary instructions. However, this attack was determined by the Microsoft researchers to be “difficult to achieve.” Still, it is worth keeping in mind that some of the most crippling security holes have stemmed from the compound use of several smaller, innocuous flaws in the operating system and software.
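The failure mode described above, modeled as an added example that is not taken from the bulletin or from Microsoft's code: a reference counter that wraps, so that one ordinary release frees an object other holders still use, beside a saturating variant that refuses to wrap. The 16-bit counter width (chosen so the wrap is quick to reach), the `obj_t` type and all function names are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: the page does not state the real counter's width. */
typedef struct {
    uint16_t refs;   /* reference count */
    bool     freed;  /* stands in for the memory having been released */
} obj_t;

/* Unchecked acquire: at UINT16_MAX the increment wraps to 0. */
static void ref_get_unchecked(obj_t *o) { o->refs++; }

/* Hardened acquire: refuse a new reference at the maximum, so no wrap. */
static bool ref_get_checked(obj_t *o) {
    if (o->refs == UINT16_MAX) return false;
    o->refs++;
    return true;
}

/* Release: the object is freed when the count reaches zero. */
static void ref_put(obj_t *o) {
    if (o->refs > 0 && --o->refs == 0) o->freed = true;
}

/* Take `acquires` references that are never released, then do one
   legitimate release. Returns true if that release freed the object. */
bool premature_free_unchecked(uint32_t acquires) {
    obj_t o = { .refs = 1, .freed = false };   /* one legitimate holder */
    for (uint32_t i = 0; i < acquires; i++) ref_get_unchecked(&o);
    ref_put(&o);
    return o.freed;
}

/* Same sequence with the hardened acquire; counts refused acquires. */
bool premature_free_checked(uint32_t acquires, uint32_t *refused) {
    obj_t o = { .refs = 1, .freed = false };
    *refused = 0;
    for (uint32_t i = 0; i < acquires; i++)
        if (!ref_get_checked(&o)) (*refused)++;
    ref_put(&o);
    return o.freed;
}

int main(void) {
    uint32_t refused;
    printf("unchecked freed early: %d\n", premature_free_unchecked(65536));
    printf("checked freed early:   %d\n", premature_free_checked(65536, &refused));
    printf("acquires refused:      %u\n", (unsigned)refused);
    return 0;
}
```

With the unchecked counter, 65536 unreleased acquires bring the count back to its starting value of 1, so the single release drops it to zero while every other holder still points at the object.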
A patch for MS11-083 is available to Windows users right now, and it is strongly suggested that those affected download and install the patch immediately.