Thursday, May 5, 2011

A critical flaw in the IPv6 layer of Microsoft

Security experts are calling on Microsoft to address a critical flaw in the IPv6 layer of the publisher's operating systems, a flaw that would freeze the machine and take control of it. The problem can be exploited in denial-of-service attacks. The flaw lies in the mechanism that a router uses to announce its IPv6 address and help clients find and connect to an IPv6 subnet, known as the "router advertisement" or RA.

However, an attacker could flood a machine with forged, random RAs. Because of the flaw, the system attempts to process these RAs as legitimate requests and, in principle, no firewall can prevent this attack. The processor is then overwhelmed, the machine hangs, and it must be restarted.

The flaw was discovered last July by Marc Heuse. At the time it also affected a large number of Cisco routers and Linux systems, as well as Apple's AirPort products. Cisco has since released an update, and the Linux kernel has been corrected. Apple has addressed the flaw in Mac OS X and its routers.

Microsoft has acknowledged the problem but has not yet announced work on a solution. The publisher believes that a solution is not necessary because the scope of the problem remains limited. Indeed, exploiting this vulnerability requires being physically connected to the LAN by cable.

In fact, the company never admitted the problem, nor even warned its partners. It only began to explain the reasons for its silence when Mr. Heuse decided to make his discovery public two weeks ago, to denounce Redmond's passivity toward a flaw that, according to the expert, is apparently easy to fix.

The speed at which Linux and Cisco routers were corrected seems to corroborate his opinion. Apple took longer, but it too took this issue seriously. In addition, Microsoft has corrected a lesser flaw, also reported by Mr. Heuse, which also required a physical connection to the network to be exploited.

The official reasons for Microsoft's inaction are very shaky. One assumption circulating on the Web is that internal tensions within Microsoft are slowing the development of a solution to this problem. Meanwhile, security experts have begun to warn their customers and advise the use of Cisco routers that are designed to counter such attacks.
