Vulnerability Protection

Vulnerability in IPSec Could Allow Denial of Service

Summary

A vulnerability involving IPSec in Windows could, if successfully exploited, cause an affected system to become unresponsive. 

Detailed Description


Microsoft has released a security update to address a reported vulnerability involving Internet Protocol Security (IPSec). The vulnerability was caused by improper handling of encryption negotiation, and could be exploited to cause an affected system to become unresponsive. In order to exploit it, the attacker must posses valid credentials. 

CVE Reference


  • CVE-2015-6111

Solution


Install the latest security patch for applicable systems, available for download from https://technet.microsoft.com/en-us/library/security/MS15-120

Source


Microsoft Security Bulletin MS15-120

Get Support

For documentation and product support, visit our support site.

Go Support

F-Secure Community

Give advice. Get advice. Share the knowledge on our free discussion forum.

Go Community