Critical TCP/IP flaw fixed in November Patch Tuesday release

Microsoft released their November Patch Tuesday on the 8th November which also included a critical TCP/IP fix. The TCP/IP component affects Windows 7, Server 2008 and Vista. Microsoft said an attacker could use a specially crafted UDP data packet to trigger a crash and remotely execute code on a a targeted system.

Microsoft has fixed the flaw by altering the way Windows handles UDP packets. End users and admins are advised to make the bulletin a top priority for testing and deployment as soon as possible. Note: Patch Tuesday did not include a permanent patch in a recent flaw in the Windows kernel which could be exploited by the Duqu malware. Microsoft has released a temporary fix.