Nine Vista CVEs, including Microsoft inaccurate Teredo use case documentation



Hello all,

In my blog today [1] I give a brief run-down of nine CVE entries that were
recently published for Vista; the CVEs are numbered CVE-2007-1527 through
CVE-2007-1535.  At this point, I do not know who requested the entries be
created.  However, the entries are based on items reported in Symantec's
recent Windows Vista Network Attack Surface Analysis report [2], for which I
was lead author, so I thought that I was in a good position to explain them.

Most of the CVEs are for items that are not especially significant and in
one or two cases can be considered historic (aside from it being applicable
to Vista in particular).

I do discuss one item in more depth though, since I feel it is important.
The documentation that is currently on the Microsoft web site makes it seem
like you need to do something special for Teredo to become active.  In
reality, we have seen Teredo used on fresh Vista installs.

Who is to say the reason Microsoft has the inaccurate information (it could
be an innocent mistake that has remained unfixed for several months), but
the effect is to downplay the configurations under which Teredo will be
used.  This misleads people as to how much attention they need to pay to
Teredo when they install/deploy Vista.  Teredo does pose some significant
security concerns and it probably will not be uncommon to find a Vista host
using Teredo.

More in the blog [1] ...

-- Jim

[1] http://www.symantec.com/enterprise/security_response/weblog/2007/04/microsofts_inaccurate_teredo_d.html ( http://preview.tinyurl.com/yu7vhu )

[2] http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf ( http://preview.tinyurl.com/2qrglc )


-- 
Jim Hoagland, Ph.D., CISSP
Principal Security Researcher
Advanced Threats Research
Symantec Security Response