A vulnerability in the Microsoft Windows TCP/IP stack could allow an attacker to run arbitrary code in kernel mode or cause a denial-of-service.
Microsoft Windows contains a TCP/IP stack used to process network packets for the operating system. This component contains a vulnerability when processing a continuous flow of specially crafted UDP packets, which results in an integer overflow.
Microsoft Security Bulletin MS11-083 states:
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Apply an update
Thanks to Microsoft Security Response Center for reporting this vulnerability.
This document was written by Michael Orlando.
|Date First Published:||2011-11-08|
|Date Last Updated:||2011-11-08 20:55 UTC|