

Vulnerability in ICMPv6 could allow Denial of Service - vog
https://technet.microsoft.com/en-us/security/bulletin/ms13-065

======
taspeotis
> Vulnerability in ICMPv6 could allow Denial of Service (microsoft.com) 12
> points by vog 1 hour ago | flag | 7 comments

I read the linked page and all I could see was a vulnerability in Windows.

> The security update addresses the vulnerability by correcting how the
> Windows TCP/IP stack allocates memory while processing specially crafted
> ICMPv6 packets.

What website am I on, Slashdot?

~~~
vog
_> I read the linked page and all I could see was a vulnerability in Windows._

I never entered that crappy title. I chose a completely different one, which
was then changed by some admin. I added a new HN entry about this incident:

[https://news.ycombinator.com/item?id=6216685](https://news.ycombinator.com/item?id=6216685)

------
scottlinux
Vulnerability in how Windows does ICMPv6....

[https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-31...](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3183)

~~~
vog
_> Vulnerability in how Windows does ICMPv6_

I never entered that crappy title. I chose a completely different one, which
was then changed by some admin. I added a new HN entry about this incident:

[https://news.ycombinator.com/item?id=6216685](https://news.ycombinator.com/item?id=6216685)

------
wbl
No, vulnerability in Windows allows Denial of Service. This isn't a protocol
flaw in ICMPv6.

~~~
vog
I never entered that crappy title. I chose a completely different one, which
was then changed by some admin. I added a new HN entry about this incident:

[https://news.ycombinator.com/item?id=6216685](https://news.ycombinator.com/item?id=6216685)

------
X-Istence
Could it be added that this is just in Windows, in the title? Sure it links to
a Microsoft.com domain, but there are plenty of research projects hosted by
Microsoft that are not necessarily on Windows...

This had me worried I would be spending time checking to make sure all the
OS's I admin are secured against this "threat" somehow...

~~~
vog
_> Could it be added that this is just in Windows, in the title_

I never entered that crappy title. I chose a completely different one, which
was then changed by some admin. I added a new HN entry about this incident:

[https://news.ycombinator.com/item?id=6216685](https://news.ycombinator.com/item?id=6216685)

------
MichaelGG
I know it isn't particularly noteworthy, but if you go through MS's buglist,
essentially every single critical hole is due to using unsafe languages. And
despite how much effort has gone into tooling and scanning and automation,
stuff like this is still found monthly.

~~~
yuhong
Same thing with every browser. IE, Firefox, Chrome all push security updates
monthly now.

------
peterwwillis
This happens in every single fucking version of Windows. Every time, since
3.11, they find another remote DoS using just ICMP. It's insane. It's like
they plant it there to force people to apply the next service patch.

------
aioprisan
damn, and I thought that ICMPv6 made us impervious to DoS attacks.

------
wmf
Not sure why one Windows bug out of thousands is front page material.

~~~
hosay123
I guess you may have just woken up from a coma that started in the late 90s..
in any case, Windows security is vastly improved in recent years, and even if
it weren't, remote DoS against a hugely deployed OS in a kernel driver in the
default install is still very noteworthy.

