Microsoft has patched a serious vulnerability in the Windows TCP/IP stack that, under some conditions, could enable an attacker to run code on remote machines. The flaw lies in the way that the stack handles large amounts of specially formatted packets sent to a vulnerable machine. Microsoft officials said that the vulnerability, which is one of a handful of flaws fixed by the company in November s Patch Tuesday release, is a serious one, but that the scenarios in which it can be exploited for remote code execution are limited.
Source: https://threatpost.com/microsoft-patches-critical-bug-windows-tcpip-stack-110911/75872/