You are here: silicon.com > Software > Security Strategy

Security Strategy

Microsoft keeps schtum over IP breach allegations

Cisco has already offered a fix for the ICMP error message flaw

Tags: icmp, hacking, voip, microsoft

By Dan Ilett

Published: 15 April 2005 17:00 GMT

Microsoft has refused to comment over allegations that computers running its Windows operating system are affected by a serious vulnerability in one of the internet's underlying technologies.

The UK's National Infrastructure Security Co-ordination Centre (NISCC) earlier this week published details of this denial-of-service vulnerability, which affects some routers, firewalls and voice over IP (VoIP) phones.

The vulnerability is in the way ICMP error messages are handled and would allow hackers to reset connections between computers and stop activity, such as VoIP conversations, from working.

Cisco, Juniper and IBM have admitted that the vulnerabilities exist in their equipment, but the security researcher who claimed to have found the flaws has now claimed that Microsoft is also affected.

"All (or most) versions of Microsoft Windows are vulnerable," wrote Fernando Gont. "Keep in mind this is an important item, as Microsoft has the largest installed base."

Microsoft declined to comment on Gont's allegations.

In an email to silicon.com's sister site ZDNet UK, Gont added that Cisco "refused to cooperate with NISCC" over the vulnerability.

Cisco's router operating system IOS, PIX firewalls and some VoIP phones are affected by the vulnerability. The company said it has released a fix and rebutted Gont's claims.

"We've provided the fix and notified our customers," said a Cisco spokesman. "We know that Fernando Gont brought details of the vulnerability to the attention of NISCC. We have been working closely [with NISCC] to address the issue, but this vulnerability is not specific to Cisco."

Network company Juniper issued a statement claiming to have fixed the problem: "Juniper Networks has identified the issue and has provided a software fix. Customers with service contracts can log into the restricted area on our website."

Dan Ilett writes for ZDNet UK.

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead

Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy


  • Jobs
Web Applications Vulnerability Tester

Title: Web Applications Vulnerability Tester / Penetration Tester Salary: market rates but probably 40k to 60k Company: online / ecommerce company ...

Business Systems Platform Support Engineer

Key accountabilities To manage the provision of Linux operating system to support the Business System community To provide technical support to the ...

Mainframe zSeries Specialist

Planning and application of system software patches to fix problems. zSeries Specialist Our client based in the Czech Republic requires Mainframe ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.





Quick Sitemap Links: