A year-old IPv6 vulnerability so dangerous it can freeze any Windows machine on a LAN in a matter of minutes is being downplayed by Microsoft (NASDAQ: MSFT) despite the urging of security experts to patch it. According to Network World, the hole requires a physical connection to the wired LAN. Juniper claims it has delayed a patch because the hole only affects a small number of its products and it wants the IETF to fix the protocol instead.
“Microsoft has little to say on the subject. ‘Microsoft is aware of discussions in the security community concerning a technique by which a Windows server or workstation on a target network may experience unprompted high resource utilization caused by an attacker broadcasting malicious IPv6 router advertisements. The attack method described would require that a would-be attacker have link-local access to the targeted network — a situation that does not provide a security boundary,’ a Microsoft spokesperson told Network World.”