Microsoft Corp. has released two security bulletins encompassing three vulnerabilities. This report provides an initial summary of these pending issues.
 

Security Bulletin MS08-001: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
http://www.microsoft.com/technet/security/bulletin/MS08-001.mspx

CVE Number: CVE-2007-0066
iDefense Title: Microsoft Windows Kernel TCP IP ICMP DoS Vulnerability
iDefense Master ID: 466951
iDefense Severity: LOW

Remote exploitation of an input validation vulnerability in Microsoft Corp.'s Microsoft Windows operating system could allow an attacker to cause a denial of service (DoS) condition.

CVE Number: CVE-2007-0069
iDefense Title: Microsoft Windows Kernel IGMPv3 and MLDv2 Request Input Validation Vulnerability
iDefense Master ID: 466938
iDefense Severity: HIGH

Remote exploitation of an input validation vulnerability in multiple versions of Microsoft Corp.'s Windows operating system could allow an attacker to execute arbitrary code with elevated privileges.
 

Security Bulletin MS08-002: Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)
http://www.microsoft.com/technet/security/bulletin/MS08-002.mspx

CVE Number: CVE-2007-5253
iDefense Title: Microsoft Windows LSASS LPC Request Privilege Escalation Vulnerability
iDefense Master ID: 466952
iDefense Severity: MEDIUM

Local exploitation of a security bypass vulnerability in Microsoft Corp.'s Local Security Authority Subsystem Service (LSASS) could allow an attacker to escalate privileges to system level.