SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Security)  >   IPSec Vendors:   Microsoft
Microsoft Windows IPSec Policy May Not Be Enforced in Certain Cases
SecurityTracker Alert ID:  1020678
SecurityTracker URL:  http://securitytracker.com/id/1020678
CVE Reference:   CVE-2008-2246   (Links to External Site)
Date:  Aug 12 2008
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Vista, Vista SP1, 2008
Description:   A vulnerability was reported in IPSec in Microsoft Windows Vista and 2008. IPSec policy may not be properly enforced.

The system does not properly import IPsec policies into Windows Server 2008 domains from Windows Server 2003 domains. As a result, systems may ignore IPSec policies and transmit network traffic in clear text.
Impact:   The system may not properly enforce IPSec policy, transmitting data in the clear instead of encrypting the data.
Solution:   The vendor has issued the following fixes:

Windows Vista and Windows Vista Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=3f21a8a2-9861-4fef-9d1e-caf5f7822c1a

Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=aa04a754-fbfb-42a7-89d2-14373e3f4742

Windows Server 2008 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=c3363df6-39dc-4910-9ce5-66553155378e

Windows Server 2008 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=39dd1722-412b-469d-a475-b6513764838c

Windows Server 2008 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=e9c6cd46-30ad-46ee-9c8b-d0b446e660c4

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms08-047.mspx
Vendor URL:  www.microsoft.com/technet/security/bulletin/ms08-047.mspx (Links to External Site)
Cause:   Access control error
Underlying OS:   Windows (2008), Windows (Vista)

Message History:   None.

 Source Message Contents
Date:  Tue, 12 Aug 2008 16:12:50 -0400
Subject:  http://www.microsoft.com/technet/security/bulletin/ms08-047.mspx


Microsoft Security Bulletin MS08-047 – Important: Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733)

CVE-2008-2246


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC