Secunia Security Advisory - A security issue has been reported in Windows Vista, which can be exploited by malicious people to bypass certain security restrictions.
bb77cf32c9d3b0c23fb7236d2f3d0f0b630df5fd26a93f9aac89ce7fa35691a6
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
----------------------------------------------------------------------
TITLE:
Windows Vista Firewall Teredo Blocking Rule Security Bypass
SECUNIA ADVISORY ID:
SA26001
VERIFY ADVISORY:
http://secunia.com/advisories/26001/
CRITICAL:
Not critical
IMPACT:
Security Bypass
WHERE:
>From remote
OPERATING SYSTEM:
Microsoft Windows Vista
http://secunia.com/product/13223/
DESCRIPTION:
A security issue has been reported in Windows Vista, which can be
exploited by malicious people to bypass certain security
restrictions.
The problem is caused due to an error in the handling of the Teredo
transport mechanism resulting in network traffic being handled
incorrectly though the Teredo interface. This may result in certain
firewall rules being bypassed.
Successful exploitation may disclose certain information about a
system and its existence, but requires that the system's network
profile is not set to "Public" and that a user e.g. is tricked into
clicking a specially crafted link.
SOLUTION:
Apply patches.
Windows Vista:
http://www.microsoft.com/downloads/details.aspx?FamilyId=e9b64746-6afa-4a30-833d-e058e000c821
Windows Vista x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0df5d190-3ad7-42d5-8629-43c47ec450cb
PROVIDED AND/OR DISCOVERED BY:
Jim Hoagland and Ollie Whitehouse, Symantec.
ORIGINAL ADVISORY:
MS07-038 (KB935807):
http://www.microsoft.com/technet/security/Bulletin/MS07-038.mspx
Symantec:
http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------