The latter request could result in a DoS attack, while the former could lead to remote code execution, Eric Schultze, chief technology officer of Shavlik Technologies, told SCMagazineUS.com today.
Schultze said both functions -- multicast and ICMP -- usually are not turned on by default, but administrators should nevertheless take the bugs seriously.
"We haven't seen a good remote code execution [flaw] in a while," he said. "It will ignite some enthusiasm with some of the hackers. So many of the vulnerabilities lately have been what I call client-side, meaning the end-user has to visit a website or something."
Amol Sarwate, director of Qualys' vulnerability research lab, said both protocols are normally enabled. He said ICMP is turned on by default in Windows XP and Vista, and multicast is enabled by default in Vista, but not XP.
The third bulletin corrects an "important" privilege-escalation vulnerability in the Microsoft Windows Local Security Authority Subsystem Service (LSASS). It does not impact Vista.
Andrew Storms, director of security operations for nCircle, said the flaw is not "too dangerous because it is a local-only vulnerability that requires valid login credentials for execution."
But when combined with other holes, it becomes more severe, said Schultze.
One notable vulnerability that went unfixed was a flaw in the Microsoft Web Proxy Automatic Discovery (WPAD) feature, disclosed a week prior to December's Patch Tuesday release. The flaw could be exploited to propagate a man-in-the-middle attack.
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
