Symantec have released details of seven security issues, all the issues have come out of the research by Symantec into the Windows Vista Networking services as detailed in their paper ‘Windows Vista Network Attack Surface Analysis’. 

The seven issues range from denial of service issues to problems that could lead to bypassing of security restrictions.

The issues released by Symantec are:

• Microsoft Vista Spoofed LLTD HELLO Packet Security Restriction Bypass Vulnerability (CVE-2007-1527)
• Microsoft Windows Vista LLTD Responder Discovery Packet Spoofing Vulnerability (CVE-2007-1529)
• Microsoft Windows Vista LLTD Mapper EMIT Packet Remote Denial Of Service Vulnerability (CVE-2007-1530)
• Microsoft Vista Spoof On Bridge HELLO Packet Security Restriction Bypass Vulnerability (CVE-2007-1528)
• Microsoft Windows Vista ARP table Entries Denial of Service Vulnerability (CVE-2007-1531)
• Microsoft Windows Vista Teredo Protocol Insecure Connection Weakness (CVE-2007-1535)
• Microsoft Windows Vista Neighbour Discovery Spoofing Vulnerability (CVE-2007-1532)

Details are limited to what is in the CVE entries however it would seem that with this release of information into the CVE the issues may be going to make it into a Microsoft patch run soon?

 *UPDATE*

It seems however that although these issues had been described in Symantec's Vista paper, which was released in March addition of these as vulnerabilities into CVE was not performed by Symantec but by an as yet unknown Third Party. As a result Jim Hoagland at Symantec has posted a clarification with some more detail and explanation of the issues surrounding these 'vulnerabilities' to the Symantec Security Response Blog here.

Add this page to your favorite Social Bookmarking websites