Submission + - Microsoft, Juniper won't fix dangerous IPv6 hole (networkworld.com)
Julie188 writes: "Security experts are urging Microsoft and Juniper to patch a year-old IPv6 vulnerability so dangerous it can freeze any Windows machine on a LAN in a matter of minutes. The hole is in a technology known as router advertisements, where routers broadcast their IPv6 addresses to help clients find and connect to an IPv6 subnet. Microsoft has downplayed the risk, and refuses to even post a Security Advisory about it, because it says the hole requires a physical connection to the wired LAN. (Experts point out that Microsoft routinely patches less dangerous holes that also require a connection to the LAN.) Juniper says it has delayed a patch because the hole only affects a small number of its products and it wants the IETF to fix the protocol instead. BTW, Linux and Cisco have long ago issued patches. In the past couple of weeks, public disclosure and video demonstrations of how to exploit the vulnerability on Windows have become more available by security professionals trying to get Microsoft to take action."