MS09-048 includes fixes for TCP/IP implementation issues reported more than a year ago

More information via

http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx

and

https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html

Several other vendors have shipped their patches too.

Related CVE is CVE-2008-4609 - 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4609

Juha-Matti


Replies to this exploit:

From: bob@home.com
Sent: Wed 9. Sep 2009 15:19
Does anyone have a reference pointing to the original announcement on here for these vulnerabilities? I would like to research them regarding the potential continued vulnerability of XP, since MS did not provide a patch for XP products.


From: Jim Duncan jduncan@juniper.net
Sent: Wed 9. Sep 2009 15:33
bob@home.com wrote:
> Does anyone have a reference pointing to the original announcement on
> here for these vulnerabilities? I would like to research them
> regarding the potential continued vulnerability of XP, since MS did
> not provide a patch for XP products.  =20

CERT-FI was the coordinator for these vulnerabilities, and the CERT-FI
advisory (referenced in the previous message from Juha-Matti Laurio)
is the best overall announcement.

	Jim

--=20
James N. Duncan, CISSP
Manager, Juniper Networks Security Incident Response Team (Juniper SIRT)
E-mail: jduncan@juniper.net  Mobile: +1 919 608 0748
PGP key fingerprint: E09E EA55 DA28 1399 75EB  D6A2 7092 9A9C 6DC3 1821


From: bob@home.com
Sent: Wed 9. Sep 2009 15:19
Does anyone have a reference pointing to the original announcement on here for these vulnerabilities? I would like to research them regarding the potential continued vulnerability of XP, since MS did not provide a patch for XP products.


From: Jim Duncan jduncan@juniper.net
Sent: Wed 9. Sep 2009 15:33
bob@home.com wrote:
> Does anyone have a reference pointing to the original announcement on
> here for these vulnerabilities? I would like to research them
> regarding the potential continued vulnerability of XP, since MS did
> not provide a patch for XP products.  =20

CERT-FI was the coordinator for these vulnerabilities, and the CERT-FI
advisory (referenced in the previous message from Juha-Matti Laurio)
is the best overall announcement.

	Jim

--=20
James N. Duncan, CISSP
Manager, Juniper Networks Security Incident Response Team (Juniper SIRT)
E-mail: jduncan@juniper.net  Mobile: +1 919 608 0748
PGP key fingerprint: E09E EA55 DA28 1399 75EB  D6A2 7092 9A9C 6DC3 1821


From: bob@home.com
Sent: Wed 9. Sep 2009 15:19
Does anyone have a reference pointing to the original announcement on here for these vulnerabilities? I would like to research them regarding the potential continued vulnerability of XP, since MS did not provide a patch for XP products.


From: Jim Duncan jduncan@juniper.net
Sent: Wed 9. Sep 2009 15:33
bob@home.com wrote:
> Does anyone have a reference pointing to the original announcement on
> here for these vulnerabilities? I would like to research them
> regarding the potential continued vulnerability of XP, since MS did
> not provide a patch for XP products.  =20

CERT-FI was the coordinator for these vulnerabilities, and the CERT-FI
advisory (referenced in the previous message from Juha-Matti Laurio)
is the best overall announcement.

	Jim

--=20
James N. Duncan, CISSP
Manager, Juniper Networks Security Incident Response Team (Juniper SIRT)
E-mail: jduncan@juniper.net  Mobile: +1 919 608 0748
PGP key fingerprint: E09E EA55 DA28 1399 75EB  D6A2 7092 9A9C 6DC3 1821


From: bob@home.com
Sent: Wed 9. Sep 2009 15:19
Does anyone have a reference pointing to the original announcement on here for these vulnerabilities? I would like to research them regarding the potential continued vulnerability of XP, since MS did not provide a patch for XP products.


From: Jim Duncan jduncan@juniper.net
Sent: Wed 9. Sep 2009 15:33
bob@home.com wrote:
> Does anyone have a reference pointing to the original announcement on
> here for these vulnerabilities? I would like to research them
> regarding the potential continued vulnerability of XP, since MS did
> not provide a patch for XP products.  =20

CERT-FI was the coordinator for these vulnerabilities, and the CERT-FI
advisory (referenced in the previous message from Juha-Matti Laurio)
is the best overall announcement.

	Jim

--=20
James N. Duncan, CISSP
Manager, Juniper Networks Security Incident Response Team (Juniper SIRT)
E-mail: jduncan@juniper.net  Mobile: +1 919 608 0748
PGP key fingerprint: E09E EA55 DA28 1399 75EB  D6A2 7092 9A9C 6DC3 1821


From: bob@home.com
Sent: Wed 9. Sep 2009 15:19
Does anyone have a reference pointing to the original announcement on here for these vulnerabilities? I would like to research them regarding the potential continued vulnerability of XP, since MS did not provide a patch for XP products.


From: Jim Duncan jduncan@juniper.net
Sent: Wed 9. Sep 2009 15:33
bob@home.com wrote:
> Does anyone have a reference pointing to the original announcement on
> here for these vulnerabilities? I would like to research them
> regarding the potential continued vulnerability of XP, since MS did
> not provide a patch for XP products.  =20

CERT-FI was the coordinator for these vulnerabilities, and the CERT-FI
advisory (referenced in the previous message from Juha-Matti Laurio)
is the best overall announcement.

	Jim

--=20
James N. Duncan, CISSP
Manager, Juniper Networks Security Incident Response Team (Juniper SIRT)
E-mail: jduncan@juniper.net  Mobile: +1 919 608 0748
PGP key fingerprint: E09E EA55 DA28 1399 75EB  D6A2 7092 9A9C 6DC3 1821


From: bob@home.com
Sent: Wed 9. Sep 2009 15:19
Does anyone have a reference pointing to the original announcement on here for these vulnerabilities? I would like to research them regarding the potential continued vulnerability of XP, since MS did not provide a patch for XP products.


From: Jim Duncan jduncan@juniper.net
Sent: Wed 9. Sep 2009 15:33
bob@home.com wrote:
> Does anyone have a reference pointing to the original announcement on
> here for these vulnerabilities? I would like to research them
> regarding the potential continued vulnerability of XP, since MS did
> not provide a patch for XP products.  =20

CERT-FI was the coordinator for these vulnerabilities, and the CERT-FI
advisory (referenced in the previous message from Juha-Matti Laurio)
is the best overall announcement.

	Jim

--=20
James N. Duncan, CISSP
Manager, Juniper Networks Security Incident Response Team (Juniper SIRT)
E-mail: jduncan@juniper.net  Mobile: +1 919 608 0748
PGP key fingerprint: E09E EA55 DA28 1399 75EB  D6A2 7092 9A9C 6DC3 1821


From: bob@home.com
Sent: Wed 9. Sep 2009 15:19
Does anyone have a reference pointing to the original announcement on here for these vulnerabilities? I would like to research them regarding the potential continued vulnerability of XP, since MS did not provide a patch for XP products.


From: Jim Duncan jduncan@juniper.net
Sent: Wed 9. Sep 2009 15:33
bob@home.com wrote:
> Does anyone have a reference pointing to the original announcement on
> here for these vulnerabilities? I would like to research them
> regarding the potential continued vulnerability of XP, since MS did
> not provide a patch for XP products.  =20

CERT-FI was the coordinator for these vulnerabilities, and the CERT-FI
advisory (referenced in the previous message from Juha-Matti Laurio)
is the best overall announcement.

	Jim

--=20
James N. Duncan, CISSP
Manager, Juniper Networks Security Incident Response Team (Juniper SIRT)
E-mail: jduncan@juniper.net  Mobile: +1 919 608 0748
PGP key fingerprint: E09E EA55 DA28 1399 75EB  D6A2 7092 9A9C 6DC3 1821


From: bob@home.com
Sent: Wed 9. Sep 2009 15:19
Does anyone have a reference pointing to the original announcement on here for these vulnerabilities? I would like to research them regarding the potential continued vulnerability of XP, since MS did not provide a patch for XP products.


From: Jim Duncan jduncan@juniper.net
Sent: Wed 9. Sep 2009 15:33
bob@home.com wrote:
> Does anyone have a reference pointing to the original announcement on
> here for these vulnerabilities? I would like to research them
> regarding the potential continued vulnerability of XP, since MS did
> not provide a patch for XP products.  =20

CERT-FI was the coordinator for these vulnerabilities, and the CERT-FI
advisory (referenced in the previous message from Juha-Matti Laurio)
is the best overall announcement.

	Jim

--=20
James N. Duncan, CISSP
Manager, Juniper Networks Security Incident Response Team (Juniper SIRT)
E-mail: jduncan@juniper.net  Mobile: +1 919 608 0748
PGP key fingerprint: E09E EA55 DA28 1399 75EB  D6A2 7092 9A9C 6DC3 1821


From: bob@home.com
Sent: Wed 9. Sep 2009 15:19
Does anyone have a reference pointing to the original announcement on here for these vulnerabilities? I would like to research them regarding the potential continued vulnerability of XP, since MS did not provide a patch for XP products.


From: Jim Duncan jduncan@juniper.net
Sent: Wed 9. Sep 2009 15:33
bob@home.com wrote:
> Does anyone have a reference pointing to the original announcement on
> here for these vulnerabilities? I would like to research them
> regarding the potential continued vulnerability of XP, since MS did
> not provide a patch for XP products.  =20

CERT-FI was the coordinator for these vulnerabilities, and the CERT-FI
advisory (referenced in the previous message from Juha-Matti Laurio)
is the best overall announcement.

	Jim

--=20
James N. Duncan, CISSP
Manager, Juniper Networks Security Incident Response Team (Juniper SIRT)
E-mail: jduncan@juniper.net  Mobile: +1 919 608 0748
PGP key fingerprint: E09E EA55 DA28 1399 75EB  D6A2 7092 9A9C 6DC3 1821


From: bob@home.com
Sent: Wed 9. Sep 2009 15:19
Does anyone have a reference pointing to the original announcement on here for these vulnerabilities? I would like to research them regarding the potential continued vulnerability of XP, since MS did not provide a patch for XP products.


From: Jim Duncan jduncan@juniper.net
Sent: Wed 9. Sep 2009 15:33
bob@home.com wrote:
> Does anyone have a reference pointing to the original announcement on
> here for these vulnerabilities? I would like to research them
> regarding the potential continued vulnerability of XP, since MS did
> not provide a patch for XP products.  =20

CERT-FI was the coordinator for these vulnerabilities, and the CERT-FI
advisory (referenced in the previous message from Juha-Matti Laurio)
is the best overall announcement.

	Jim

--=20
James N. Duncan, CISSP
Manager, Juniper Networks Security Incident Response Team (Juniper SIRT)
E-mail: jduncan@juniper.net  Mobile: +1 919 608 0748
PGP key fingerprint: E09E EA55 DA28 1399 75EB  D6A2 7092 9A9C 6DC3 1821


From: bob@home.com
Sent: Wed 9. Sep 2009 15:19
Does anyone have a reference pointing to the original announcement on here for these vulnerabilities? I would like to research them regarding the potential continued vulnerability of XP, since MS did not provide a patch for XP products.


From: Jim Duncan jduncan@juniper.net
Sent: Wed 9. Sep 2009 15:33
bob@home.com wrote:
> Does anyone have a reference pointing to the original announcement on
> here for these vulnerabilities? I would like to research them
> regarding the potential continued vulnerability of XP, since MS did
> not provide a patch for XP products.  =20

CERT-FI was the coordinator for these vulnerabilities, and the CERT-FI
advisory (referenced in the previous message from Juha-Matti Laurio)
is the best overall announcement.

	Jim

--=20
James N. Duncan, CISSP
Manager, Juniper Networks Security Incident Response Team (Juniper SIRT)
E-mail: jduncan@juniper.net  Mobile: +1 919 608 0748
PGP key fingerprint: E09E EA55 DA28 1399 75EB  D6A2 7092 9A9C 6DC3 1821


From: bob@home.com
Sent: Wed 9. Sep 2009 15:19
Does anyone have a reference pointing to the original announcement on here for these vulnerabilities? I would like to research them regarding the potential continued vulnerability of XP, since MS did not provide a patch for XP products.


From: Jim Duncan jduncan@juniper.net
Sent: Wed 9. Sep 2009 15:33
bob@home.com wrote:
> Does anyone have a reference pointing to the original announcement on
> here for these vulnerabilities? I would like to research them
> regarding the potential continued vulnerability of XP, since MS did
> not provide a patch for XP products.  =20

CERT-FI was the coordinator for these vulnerabilities, and the CERT-FI
advisory (referenced in the previous message from Juha-Matti Laurio)
is the best overall announcement.

	Jim

--=20
James N. Duncan, CISSP
Manager, Juniper Networks Security Incident Response Team (Juniper SIRT)
E-mail: jduncan@juniper.net  Mobile: +1 919 608 0748
PGP key fingerprint: E09E EA55 DA28 1399 75EB  D6A2 7092 9A9C 6DC3 1821


From: bob@home.com
Sent: Wed 9. Sep 2009 15:19
Does anyone have a reference pointing to the original announcement on here for these vulnerabilities? I would like to research them regarding the potential continued vulnerability of XP, since MS did not provide a patch for XP products.


From: Jim Duncan jduncan@juniper.net
Sent: Wed 9. Sep 2009 15:33
bob@home.com wrote:
> Does anyone have a reference pointing to the original announcement on
> here for these vulnerabilities? I would like to research them
> regarding the potential continued vulnerability of XP, since MS did
> not provide a patch for XP products.  =20

CERT-FI was the coordinator for these vulnerabilities, and the CERT-FI
advisory (referenced in the previous message from Juha-Matti Laurio)
is the best overall announcement.

	Jim

--=20
James N. Duncan, CISSP
Manager, Juniper Networks Security Incident Response Team (Juniper SIRT)
E-mail: jduncan@juniper.net  Mobile: +1 919 608 0748
PGP key fingerprint: E09E EA55 DA28 1399 75EB  D6A2 7092 9A9C 6DC3 1821


From: bob@home.com
Sent: Wed 9. Sep 2009 15:19
Does anyone have a reference pointing to the original announcement on here for these vulnerabilities? I would like to research them regarding the potential continued vulnerability of XP, since MS did not provide a patch for XP products.


From: Jim Duncan jduncan@juniper.net
Sent: Wed 9. Sep 2009 15:33
bob@home.com wrote:
> Does anyone have a reference pointing to the original announcement on
> here for these vulnerabilities? I would like to research them
> regarding the potential continued vulnerability of XP, since MS did
> not provide a patch for XP products.  =20

CERT-FI was the coordinator for these vulnerabilities, and the CERT-FI
advisory (referenced in the previous message from Juha-Matti Laurio)
is the best overall announcement.

	Jim

--=20
James N. Duncan, CISSP
Manager, Juniper Networks Security Incident Response Team (Juniper SIRT)
E-mail: jduncan@juniper.net  Mobile: +1 919 608 0748
PGP key fingerprint: E09E EA55 DA28 1399 75EB  D6A2 7092 9A9C 6DC3 1821


From: bob@home.com
Sent: Wed 9. Sep 2009 15:19
Does anyone have a reference pointing to the original announcement on here for these vulnerabilities? I would like to research them regarding the potential continued vulnerability of XP, since MS did not provide a patch for XP products.


From: Jim Duncan jduncan@juniper.net
Sent: Wed 9. Sep 2009 15:33
bob@home.com wrote:
> Does anyone have a reference pointing to the original announcement on
> here for these vulnerabilities? I would like to research them
> regarding the potential continued vulnerability of XP, since MS did
> not provide a patch for XP products.  =20

CERT-FI was the coordinator for these vulnerabilities, and the CERT-FI
advisory (referenced in the previous message from Juha-Matti Laurio)
is the best overall announcement.

	Jim

--=20
James N. Duncan, CISSP
Manager, Juniper Networks Security Incident Response Team (Juniper SIRT)
E-mail: jduncan@juniper.net  Mobile: +1 919 608 0748
PGP key fingerprint: E09E EA55 DA28 1399 75EB  D6A2 7092 9A9C 6DC3 1821


From: bob@home.com
Sent: Wed 9. Sep 2009 15:19
Does anyone have a reference pointing to the original announcement on here for these vulnerabilities? I would like to research them regarding the potential continued vulnerability of XP, since MS did not provide a patch for XP products.


From: Jim Duncan jduncan@juniper.net
Sent: Wed 9. Sep 2009 15:33
bob@home.com wrote:
> Does anyone have a reference pointing to the original announcement on
> here for these vulnerabilities? I would like to research them
> regarding the potential continued vulnerability of XP, since MS did
> not provide a patch for XP products.  =20

CERT-FI was the coordinator for these vulnerabilities, and the CERT-FI
advisory (referenced in the previous message from Juha-Matti Laurio)
is the best overall announcement.

	Jim

--=20
James N. Duncan, CISSP
Manager, Juniper Networks Security Incident Response Team (Juniper SIRT)
E-mail: jduncan@juniper.net  Mobile: +1 919 608 0748
PGP key fingerprint: E09E EA55 DA28 1399 75EB  D6A2 7092 9A9C 6DC3 1821