• IDP Daily Update #1312
  posted: 11/18/08
  
• NSM Daily Update #1312
  posted: 11/18/08
  
• Deep Inspection 5.3r5 and above, 5.4, 6.0 #1312
  posted: 11/18/08
  
• Deep Inspection 5.1, 5.2, 5.3r4 and below #1300
  posted: 11/18/08
  
• Deep Inspection 5.0 #1132
  posted: 04/01/08
  
• Antivirus
  posted: 11/17/08

Text Size:        

• See Also
• Current Updates

• Microsoft Security Resources
• Security Incidents
• Security Resources

• Juniper Networks Product Solutions for Microsoft
• Get detailed information about Juniper solutions that protect your Microsoft environment:
• SSL VPNs
• Intrusion Prevention
• Firewall / VPN Central Management34 KB
• VPN Resiliency594 KB
• Denial of Service and Attack Prevention754 KB
• Antivirus Protection55 KB

January 2008

---

Prior Updates:

---

Login to learn more about how Juniper Networks products can protect you from these vulnerabilities. (If you don't already have a login, see Requesting Support.)

January 2008

Microsoft Security Bulletin MS07-001

Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)

Severity: Critical
Vulnerabilities:

• Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability - CVE-2007-0069
  A remote code execution vulnerability exists in the Windows kernel due to the way that the Windows kernel handles TCP/IP structures storing the state of IGMPv3 and MLDv2 queries. Supported editions of Microsoft Windows XP, Windows Server 2003, and Windows Vista all support IGMPv3. In addition to IGMPv3, Windows Vista supports MDLv2, which adds multicast support for IPv6 networks. An anonymous attacker could exploit the vulnerability by sending specially crafted IGMPv3 and MLDv2 packets to a computer over the network. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• Windows Kernel TCP/IP/ICMP Vulnerability - CVE-2007-0066
  A denial of service vulnerability exists in TCP/IP due to the way that Windows Kernel processes fragmented router advertisement ICMP queries. ICMP Router Discovery Protocol (RDP) is not enabled by default and is required in order to exploit this vulnerability. However, RDP can be turned on Windows 2003 Server and on Windows XP by a setting in DHCP or by a setting in the registry, on Windows 2000 RDP could be turned on by a setting in the registry. An anonymous attacker could exploit the vulnerability by sending specially crafted ICMP packets to a computer over the network. An attacker who successfully exploited this vulnerability could cause the computer to stop responding and automatically restart.

Microsoft Security Bulletin MS08-002

Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)

Severity: Important
Vulnerabilities:

• LSASS Bypass Vulnerability - CVE-2007-5352
  An elevation of privilege vulnerability exists in the Microsoft Windows Local Security Authority Subsystem Service (LSASS) due to its improper handling of local procedure call (LPC) requests. The vulnerability could allow an attacker to run code with elevated privileges. An attacker who successfully exploited this vulnerability could take complete control of an affected system.