[PCWorks] Microsoft Windows IPsec Policy Processing Information Disclosure

  • From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
  • Date: Wed, 13 Aug 2008 00:25:18 -0500

Vista and Windows Server 2008 only.


TITLE:
Microsoft Windows IPsec Policy Processing Information Disclosure

SECUNIA ADVISORY ID:
SA31411

VERIFY ADVISORY:
http://secunia.com/advisories/31411/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
From remote

OPERATING SYSTEM:
Microsoft Windows Vista
http://secunia.com/product/13223/
Microsoft Windows Server 2008
http://secunia.com/product/18255/

DESCRIPTION:
A security issue has been reported in Microsoft Windows, which may
expose sensitive information to malicious people.

The problem is caused due to an error in the manner IPsec policies
are imported to Windows Server 2008 domains from Windows Server 2003
domains. This may result in systems ignoring IPsec policies and thus
transmitting data otherwise intended to be encrypted in clear text.

SOLUTION:
Apply patches.

Windows Vista (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=3f21a8a2-9861-4fef-9d1e-caf5f7822c1a

Windows Vista x64 Edition (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?familyid=aa04a754-fbfb-42a7-89d2-14373e3f4742

Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=c3363df6-39dc-4910-9ce5-66553155378e

Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=39dd1722-412b-469d-a475-b6513764838c

Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=e9c6cd46-30ad-46ee-9c8b-d0b446e660c4

ORIGINAL ADVISORY:
MS08-047 (KB953733):
http://www.microsoft.com/technet/security/Bulletin/MS08-047.mspx

