The critical MS08-001 update that fixes this flaw also patches a second, less-serious bug in the Windows networking stack that could be leveraged to launch a denial-of-service attack against a Windows system. This vulnerability lies in the Internet Control Message Protocol Router Discovery Protocol (ICMP RDP), which is used by Windows to find out how to communicate with the network. Because this capability is not turned on by default, Microsoft considers this to be merely an "important" bug.
This flaw could be exploited by attackers to steal passwords or run their code with a higher level of privilege on Windows, said Schultze. "The primary concern is Johnny who is a user becoming Johnny admin," he said. But if attackers were to combine an attack that exploited this flaw with another exploit that would allow them to run code on the system, then "that could become a critical issue," he said.