===================================================================== CERT-Renater Note d'Information No. 2008/VULN306 _____________________________________________________________________ DATE : 13/08/2008 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Windows Vista, Windows Server 2008 running IPsec Policy. ====================================================================== KB953733 http://www.microsoft.com/technet/security/bulletin/ms08-047.mspx ______________________________________________________________________ Microsoft Security Bulletin MS08-047 - Important Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733) Published: August 12, 2008 Version: 1.0 General Information Executive Summary This update resolves a privately reported vulnerability in the way certain Windows Internet Protocol Security (IPsec) rules are applied. This vulnerability could cause systems to ignore IPsec policies and transmit network traffic in clear text. This, in turn, would disclose information intended to be encrypted on the network. An attacker viewing the traffic on the network would be able to view and possibly modify the contents of the traffic. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly. It could be used to collect useful information to try to further compromise the affected system or network. This update is rated Important for all supported versions of Windows Vista and Windows Server 2008. For more information, see the subsection, Affected Software, in this section. Recommendation. Microsoft recommends that customers apply the update at the earliest opportunity. Affected Software Windows Vista and Windows Vista Service Pack 1 Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1 Windows Server 2008 for 32-bit Systems Windows Server 2008 for x64-based Systems Windows Server 2008 for Itanium-based Systems Vulnerability Information IPsec Policy Information Disclosure Vulnerability - CVE-2008-2246 An information disclosure vulnerability exists in the manner in which IPsec policies are imported to Windows Server 2008 domains from Windows Server 2003 domains. This vulnerability could cause systems to ignore IPsec policies and transmit network traffic in clear text. This, in turn, would potentially disclose information intended to be encrypted on the network. An attacker intercepting the traffic on the network would be able to view and possibly modify the contents of the traffic. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly. It could be used to collect useful information to try to further compromise the affected system. Workarounds for IPsec Policy Information Disclosure Vulnerability - CVE-2008-2246 Do not select the "Default Response Rule" during IPsec policy creation or uncheck this rule from existing policies as this rule is no longer valid on Windows Vista and Windows Server 2008 and is only applicable on earlier versions of Windows. To emulate this rule in Windows Vista and Windows Server 2008, refer to Microsoft Knowledge Base Article 942964. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================