(MS06-064) Microsoft Spoofed Connection Request Vulnerability (922819)
- Type: Logic error
- Impact of exploitation: Denial of Service
- User Interaction: No user interaction is needed
- Attack Vector: Malicious remote network traffic
- Rating: Medium
- CVE reference: CVE-2005-0688
- Vendor Status: Responded and patched
- Vulnerable systems: Windows XP Generic, Windows XP SP0 - SP2, Windows 2003 Generic, Windows 2003 SP0 - SP1
- Summary: A denial-of-service vulnerability is present in Microsoft's processing of TCP/IP IPv6 traffic. It may be exploited when the system processes malicious network traffic.
Description
TCP/IP IPv6 is the successor to the IPv4 protocol for network communications. A flaw in Microsoft Windows' processing of TCP/IP IPv6 traffic may allow a remote denial-of-service attack. The flaw lies in the processing of certain ICMP messages. Successful exploitation could cause the system to drop current connections and stop responding to connection requests.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft (922819): http://www.microsoft.com/technet/security/Bulletin/MS06-064.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess whether your systems are vulnerable and is expected to accurately identify vulnerable systems in many enterprise environments.
- Signature: (MS06-064) Microsoft Spoofed Connection Request Vulnerability (922819)
- Signature identifier: 4682
- Release date: 10/10/2006
Additional Resources
Microsoft Security Bulletin: Vulnerability in TCP-IP IPv6 Could Result in Denial of Service (922819)
http://www.microsoft.com/technet/security/Bulletin/MS06-064.mspx
Vulnerability Summary CVE-2005-0688
Timeline
10/10/2006
Vendor has provided a patch.
10/20/2005
Vulnerability information has been publicly disclosed.