[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <C23AD84E.2AE80%jim_hoagland@symantec.com>
Date: Thu, 05 Apr 2007 16:46:06 -0700
From: Jim Hoagland <jim_hoagland@...antec.com>
To: Bugtraq <bugtraq@...urityfocus.com>
Subject: Re: Nine Vista CVEs, including Microsoft inaccurate Teredo use
case documentation
FWIW, the unknown third party that requested the CVEs turns out to be MITRE,
the government contractor that provides operational support for CVE. They
independently assigned the CVEs after reading the report.
Microsoft has not updated their documentation yet.
-- Jim
On 4/3/07 2:23 PM, "Jim Hoagland" <jim_hoagland@...antec.com> wrote:
> Hello all,
>
> In my blog today [1] I give a brief run-down of nine CVE entries that were
> recently published for Vista; the CVEs are numbered CVE-2007-1527 through
> CVE-2007-1535. At this point, I do not know who requested the entries be
> created. However, the entries are based on items reported in Symantec's
> recent Windows Vista Network Attack Surface Analysis report [2], for which I
> was lead author, so I thought that I was in a good position to explain them.
>
> Most of the CVEs are for items that are not especially significant and in
> one or two cases can be considered historic (aside from it being applicable
> to Vista in particular).
>
> I do discuss one item in more depth though, since I feel it is important.
> The documentation that is currently on the Microsoft web site makes it seem
> like you need to do something special for Teredo to become active. In
> reality, we have seen Teredo used on fresh Vista installs.
>
> Who is to say the reason Microsoft has the inaccurate information (it could
> be an innocent mistake that has remained unfixed for several months), but
> the effect is to downplay the configurations under which Teredo will be
> used. This misleads people as to how much attention they need to pay to
> Teredo when they install/deploy Vista. Teredo does pose some significant
> security concerns and it probably will not be uncommon to find a Vista host
> using Teredo.
>
> More in the blog [1] ...
>
> -- Jim
>
> [1]
> http://www.symantec.com/enterprise/security_response/weblog/2007/04/microsof
> ts_inaccurate_teredo_d.html ( http://preview.tinyurl.com/yu7vhu )
>
> [2]
> http://www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.
> pdf ( http://preview.tinyurl.com/2qrglc )
>
Powered by blists - more mailing lists