LAS VEGAS -- Vista users would be wise to turn off the Teredo IP tunneling system that is enabled by default in Microsoft's newest operating system, since attackers may be able to exploit it for phishing, pharming and other mischief. James Hoagland, principal security researcher for Symantec Corp., issued that warning Thursday during a presentation at the Black Hat 2007 conference.
Hoagland -- along with fellow researchers Matt Conover, Tim Newsham and Ollie Whitehouse -- conducted an extensive analysis of Vista. They found that while Microsoft has significantly improved security in the latest version of Windows, new vulnerabilities were likely created in the process.
He said Microsoft loves IPv6 because, among other things, it eases the process of setting up peer-to-peer (P2P) gaming programs. But on the down side, IPv6 can also double Vista's possible attack surface -- at least until IPv4 is eliminated. Furthermore, many network security controls may not be ready for IPv6.
Hoagland noted that the Cupertino, Calif.-based Symantec has already discovered one Teredo/IPv6-related flaw in Vista, which Microsoft patched in the MS07-038 security update released last month. According to the researchers, the Teredo interface in Vista was not properly handling certain network traffic, allowing remote attackers to bypass firewall-blocking rules and obtain sensitive information via crafted IPv6 traffic.
Attackers could also exploit Vista's implementation of Teredo to bypass such network security controls as firewalls and intrusion detection-prevention (IDS/IPS) systems. To correct this, Hoagland said security tools need to be reprogrammed so they are specifically aware of Teredo.
"Because it can be so difficult to inspect Teredo, a consensus has been reached [in the information security community] that Teredo should not be used in managed networks," Hoagland said.
To be fair, he said, there are some positives with Teredo. It requires a lot of packet-sanity checks, which can prevent a number of attacks. The program also includes some decent anti-spoofing mechanisms. But for Hoagland, that's not much of a silver lining.
"Disable Teredo and block it on the network," Hoagland instructed, "upgrade your security controls and beware of Teredo tunneling through your network."