IBM Security Server Protection for Windows, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, RealSecure Network, RealSecure Server Sensor, Proventia Desktop, Proventia Network IPS, Virtual Server Protection for VMware, Proventia Server IPS for Linux technology:
This event triggers when a fragmented IPv6 packet contains a misplaced 'Hop-by-Hop' header, which could result in a DoS of the Windows system to which it was directed.
Depending upon your product and/or configuration, this event may be informational only. If you have configured your IPS not to drop malformed packets, this event provides protection in the absence of that configuration.
However, the construction necessary to trigger this event yields a packet that the IPS drops automatically, so protection was in place well before CVE-2010-1892/MS10-058 was known as a defect.
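The condition this event describes can be checked by walking the IPv6 extension-header chain, as in the added example below. It is not IBM's signature logic or code from this advisory; `check_ipv6`, `_base` and the sample packets are constructed for illustration. It relies on the IPv6 rule (RFC 8200) that a Hop-by-Hop Options header may appear only immediately after the base header.

```python
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60
EXT_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS}

def check_ipv6(packet: bytes) -> dict:
    """Walk the extension-header chain of one raw IPv6 packet (hypothetical helper)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    result = {"fragmented": False, "misplaced_hbh": False, "truncated": False}
    nxt, off = packet[6], 40          # Next Header field of the base header
    while nxt in EXT_HEADERS:
        if off + 8 > len(packet):     # every extension header is at least 8 bytes
            result["truncated"] = True
            break
        following = packet[off]       # first byte of an extension header: Next Header
        if following == HOP_BY_HOP:   # only the base header may announce Hop-by-Hop
            result["misplaced_hbh"] = True
        if nxt == FRAGMENT:
            result["fragmented"] = True
            frag_offset = struct.unpack_from("!H", packet, off + 2)[0] >> 3
            if frag_offset != 0:      # non-first fragment: what follows is data
                break
            hdr_len = 8
        else:
            hdr_len = (packet[off + 1] + 1) * 8   # Hdr Ext Len: 8-byte units past the first
        nxt, off = following, off + hdr_len
    result["alert"] = result["fragmented"] and result["misplaced_hbh"]
    return result

def _base(next_header: int, payload: bytes) -> bytes:
    """Constructed 40-byte base header (::1 -> ::1, hop limit 64) plus payload."""
    addr = bytes(15) + b"\x01"
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return fixed + addr + addr + payload

# Constructed sample packets, for illustration only.
_HBH = bytes([FRAGMENT, 0, 1, 4, 0, 0, 0, 0])       # Hop-by-Hop with one PadN option
_FRAG = struct.pack("!BBHI", 17, 0, 1, 0x1234)       # first fragment, more-fragments set
WELL_FORMED = _base(HOP_BY_HOP, _HBH + _FRAG + bytes(8))
_BAD_FRAG = struct.pack("!BBHI", HOP_BY_HOP, 0, 1, 0x1234)
_LATE_HBH = bytes([17, 0, 1, 4, 0, 0, 0, 0])
MISPLACED = _base(FRAGMENT, _BAD_FRAG + _LATE_HBH + bytes(8))

if __name__ == "__main__":
    for name, pkt in (("well-formed", WELL_FORMED), ("misplaced", MISPLACED)):
        print(name, check_ipv6(pkt))
```

For non-first fragments the walk stops at the Fragment header, because the bytes that follow are reassembly data rather than headers; the Fragment header's own Next Header field is still inspected.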
Medium
IBM Security Server Protection for Windows: 2.1.14.2550, Proventia Network MFS: XPU 30.080, Proventia-G 1.1 and earlier: XPU 30.080, Proventia Network IDS: XPU 30.080, RealSecure Network: XPU 30.080, RealSecure Server Sensor: XPU 30.080, Proventia Desktop: 2550, Proventia Network IPS: XPU 30.080, Virtual Server Protection for VMware: XPU 30.080, Proventia Server IPS for Linux technology: 30.080
Microsoft Windows Vista: SP1, Microsoft Windows Vista: SP1 x64, Microsoft Windows Server 2008: Itanium, Microsoft Windows Server 2008: x32, Microsoft Windows Server 2008: x64, Microsoft Windows Vista: SP2 x64, Microsoft Windows Vista: SP2, Microsoft Windows Server 2008: SP2 x32, Microsoft Windows Server 2008: SP2 x64, Microsoft Windows 7: x64, Microsoft Windows 7: x32, Microsoft Windows Server 2008: R2 x64, Microsoft Windows Server 2008: R2 Itanium, Microsoft Windows Server 2008: SP2 Itanium
Denial of Service
Microsoft Windows is vulnerable to a denial of service, caused by the improper handling of malformed IPv6 packets by the TCP/IP stack. By sending specially crafted IPv6 packets with a malformed extension header, a local attacker could exploit this vulnerability to cause the system to stop responding.
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
Microsoft Security Bulletin MS10-058
Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886)
http://www.microsoft.com/technet/security/bulletin/ms10-058.mspx
IBM Internet Security Systems Protection Alert
Microsoft Windows TCP/IP could cause Elevation of Privilege
http://www.iss.net/threats/378.html
Microsoft Security Bulletin MS11-064
Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
http://www.microsoft.com/technet/security/bulletin/ms11-064.mspx
Microsoft Security Bulletin MS11-083
Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
http://www.microsoft.com/technet/security/bulletin/ms11-083.mspx
Microsoft Security Bulletin MS12-032
Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338)
http://technet.microsoft.com/en-us/security/bulletin/ms12-032
ISS X-Force
Microsoft Windows TCP/IP IPv6 denial of service
http://www.iss.net/security_center/static/60721.php
CVE
CVE-2010-1892
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1892