If you are yet unaware, Microsoft pushed out another couple of security updates this month and posted about it in their new “Microsoft Vulnerability Research and Defense” blog. Msoft started it a couple of weeks ago, providing lower level technical information about the vulnerabilities they are fixing.
Be sure to install MS08-001 if you haven’t already.
The first of the updates, MS08-001, provides reason for caution, because it allows for reliable exploitation. Surprisingly, we have not seen any public exploitation or even PoC just yet.
You can watch a great four minute video of MS08-001 patch analysis by the makers of Bindiff, a binary diffing tool used to uncover security vulnerabilities like this one. Grab your popcorn, bring a date, and head on over. I’ll ruin the ending for you…of the nine functions changed in the tcpip component that was patched, they examine one function that iterates a list of structures and mistakenly performs a bad comparison. They even find some overwriteable memory for successful exploit!