Windows is insecure. That’s a given. But, Microsoft does issue monthly security patches-the first Tuesday of every month on Patch Tuesday-for many of Windows’ security problems. Now, however, there’s a new security problem in Windows XP’s TCP/IP networking that Microsoft has deliberately decided to leave unfixed.
According to Microsoft’s Security Bulletin MS09-048, Microsoft has released a patch for “several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service.”
That’s the fancy way of saying a hacker can take your computer over with this vulnerability. Listening services are just what you might think. They’re software programs, like a Web server, that wait for a network connection before they do whatever their job is. Now, Microsoft has fixed this… for Vista and Windows Server 2003 and 2008. But, if you use XP, or Windows 2000, you’re out of luck.