The first patch for 2008, MS08-001, addresses a vulnerability present in Windows XP and Windows Vista networking software. Specifically, the vulnerability is in code that manages IGMP (Internet Group Management Protocol) and MLD (Multicast Listener Discovery) protocols.
The vulnerability, if exploited, gives an attacker the ability to execute the code of his or her choice on the system. This is a system-takeover class vulnerability. And because IGMP is enabled by default on Windows XP and Windows Vista, this is a vulnerability that could be exploited with a worm that could spread through the Internet in hours or days and wreak havoc.