Microsoft silent over IP vulnerability claims

A researcher who found a vulnerability that affects networking products from Cisco, Juniper and IBM now says most versions of Microsoft Windows are also vulnerable
Written by Dan Ilett, Contributor

Microsoft has refused to comment over allegations that computers running its Windows operating system are affected by a serious vulnerability in one of the Internet's underlying technologies.

The UK's National Infrastructure Security Co-ordination Centre (NISCC) published details of this denial-of-service vulnerability earlier this week that affects some routers, firewalls and voice-over-IP (VoIP) phones.

The vulnerability is in the way ICMP error messages are handled would allow hackers to reset connections between computers and stop activity, such as VoIP conversations, from working.

Cisco, Juniper and IBM have admitted that the vulnerabilities exist in their equipment, but the security researcher who claimed to have found the flaws has now claimed that Microsoft is also affected.

"All (or most) versions of Microsoft Windows are vulnerable," wrote Fernando Gont. "Keep in mind this is an important item, as Microsoft has the largest installed base."

Microsoft declined to comment on Gont's allegations.

In an email to ZDNet UK, Gont added that Cisco "refused to cooperate with NISCC" over the vulnerability.

Cisco's router operating system IOS, PIX firewalls and some VoIP phones are affected by the vulnerability. The company said it has released a fix and rebutted Gont's claims.

"We've provided the fix and notified our customers," said a Cisco spokesman. "We know that Fernando Gont brought details of the vulnerability to the attention of NISCC. We have been working closely [with NISCC] to address the issue, but this vulnerability is not specific to Cisco."

Network company Juniper issued a statement claiming to have fixed the problem: "Juniper Networks has identified the issue and has provided a software fix. Customers with service contracts can log into the restricted area on our Web site."

Editorial standards