IPSec Denial of Service Vulnerability in Microsoft Windows Products
CVE-2015-6111

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Server 2012; Windows Rt; Windows 8.1; Windows Rt 8.1
Vendor: CVE Published:; 11 November 2015

Summary

The vulnerability exists due to a flaw in the IPSec encryption negotiation process within various Microsoft Windows systems. When exploited, this flaw allows remote authenticated users to send specially crafted IP traffic causing significant system disruption by leading to a denial of service, often manifested as a system hang. Systems affected include Windows 8, Windows 8.1, multiple versions of Windows Server, Windows RT, and Windows 10. Proper security measures, including applying the latest security updates, are crucial to mitigate this risk.

References

http://www.securitytracker.com/id/1034123

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

Timeline

Vulnerability published
Nov 11, 2015
Vulnerability Reserved
Aug 14, 2015