IPv6 Vulnerability Downplayed

Security experts urge Microsoft, Juniper to patch dangerous IPv6 DoS hole.

By Enterprise Networking Planet Staff | Posted May 6, 2011
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

A year-old IPv6 vulnerability so dangerous it can freeze any Windows machine on a LAN in a matter of minutes is being downplayed by Microsoft (NASDAQ: MSFT) despite the urging of security experts to patch it. According to Network World, the hole requires a physical connection to the wired LAN. Juniper claims it has delayed a patch because the hole only affects a small number of its products and it wants the IETF to fix the protocol instead.

"Microsoft has little to say on the subject. ‘Microsoft is aware of discussions in the security community concerning a technique by which a Windows server or workstation on a target network may experience unprompted high resource utilization caused by an attacker broadcasting malicious IPv6 router advertisements. The attack method described would require that a would-be attacker have link-local access to the targeted network -- a situation that does not provide a security boundary,’ a Microsoft spokesperson told Network World.”

Read the Full Story at Network World

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter