Home / bulletins MS09-048 - Critical: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723) - Version:2.0
Posted on 10 September 2009
There is an newer version: MS09-048 - Version: 2.1
CriticalSeverity Rating: Critical - Revision Note: V2.0 (September 9, 2009): Added Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2 to the Affected Software table. Also added entries to the section, Frequently Asked Questions (FAQ) Related to This Security Update, explaining why Microsoft is not releasing updates for the affected Windows XP editions, and clarifying the scope of the updates for the denial of service vulnerabilities. There were no changes to the security updates offered in this bulletin.Summary: This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
Other versions
- MS09-048 - Version: 1.0
- MS09-048 - Version: 2.0
- MS09-048 - Version: 2.1
