Microsoft Windows IPSec Policy May Not Be Enforced in Certain Cases
SecurityTracker Alert ID: 1020678
SecurityTracker URL: http://securitytracker.com/id?1020678
CVE Reference: CVE-2008-2246
Date: Aug 12 2008
Impact: Disclosure of system information, Disclosure of user information
Fix Available: Yes
Vendor Confirmed: Yes
Advisory: Microsoft Security Bulletin
Version(s): Vista, Vista SP1, 2008
Description: A vulnerability was reported in IPSec in Microsoft Windows Vista and 2008. IPSec policy may not be properly enforced.
The system does not properly import IPsec policies into Windows Server 2008 domains from Windows Server 2003 domains. As a result, systems may ignore IPSec policies and transmit network traffic in clear text.
Impact: The system may not properly enforce IPSec policy, transmitting data in the clear instead of encrypting the data.
Solution: The vendor has issued the following fixes:
Windows Vista and Windows Vista Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=3f21a8a2-9861-4fef-9d1e-caf5f7822c1a
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=aa04a754-fbfb-42a7-89d2-14373e3f4742
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=c3363df6-39dc-4910-9ce5-66553155378e
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=39dd1722-412b-469d-a475-b6513764838c
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=e9c6cd46-30ad-46ee-9c8b-d0b446e660c4
A restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms08-047.mspx
Vendor URL: www.microsoft.com/technet/security/bulletin/ms08-047.mspx
Cause: Access control error
Underlying OS: Windows (2008), Windows (Vista)
Message History:
None.
Source Message Contents
Date: Tue, 12 Aug 2008 16:12:50 -0400
Subject: http://www.microsoft.com/technet/security/bulletin/ms08-047.mspx
Microsoft Security Bulletin MS08-047 – Important: Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733)
CVE-2008-2246