Editor note: This entry was originally written on Tuesday, 7/10/07. Technical difficulties prevented the release of this to the public...M

What is this space? It's where I will occasionally commiserate on new releases, updates and various other sundry items coming from Redmond, WA. It is fitting that my inaugural release comes on "Patch Tuesday", the second day of each month when Microsoft releases Security Bulletins along with patches for vulnerabilities and flaws found in their products.

This month, six new issues were identified and "hopefully" fixed. One such release included an issue with the Windows Vista firewall which Microsoft states "could allow incoming unsolicited network traffic to access a network interface. An attacker could potentially gather information about the affected host."

"Oh my!! I'm unsafe...what am I going to do?" That is the first response many people may have when they see this bulletin. At first glance, it seems this could be a major problem, so why is it only rated Moderate? Further reading of the bulletin sheds a little more light on the topic...

How could an attacker exploit the vulnerability?
An attacker could remotely activate the Teredo interface under certain configuration scenarios or would have to convince a user to click a link containing a Teredo network address on a Web site, in an e-mail message or Instant Messenger message. Clicking the link would cause Teredo to enter an active state and subsequently cause the affected host to initiate communications with the attacker. This would then allow the attacker to know the target’s Teredo network address which could then be used to send communications to the host that are not blocked by the local Windows Vista firewall. Additionally, as Teredo facilitates network tunneling once a connection is established with an attacker, it would also be possible for the communications to potentially bypass network perimeter firewalls.

Teredo? WTH is that? Read on...

What is Teredo?
Teredo is an IPv6 transition technology that provides address assignment and host-to-host automatic tunneling for unicast IPv6 traffic when IPv6/IPv4 hosts are located behind one or multiple IPv4 network address translators (NATs). To traverse IPv4 NATs, IPv6 packets are sent as IPv4-based User Datagram Protocol (UDP) messages. See the TechNet Web site for more information regarding the Teredo service.

Ok...but does it really affect me? Let's read on.

Could the vulnerability be exploited over the Internet?
Yes, this vulnerability could be exploited over the internet once a user has clicked on specially crafted link containing an IPv6 address causing the Teredo interface to be activated.

At this point, one can weigh the pros and cons of installing this update. It seems somewhat benign...I know my surfing habits and don't think I would stumble into the vulnerability. Yet, I am compelled to install it anyway. Why? A couple reasons:

•Although it may not affect me today, the chance of it affecting me in the future is pretty good as IPv6 technologies become more prevalent.•I paid a lot of money for the privilege of running the latest Operating System and by god, I'm going to at least make sure my investment is protected.

Will these updates break my system? That is another question I hear asked regularly. The answer I always give is sure, it could possibly affect your system. However, generally if a problem is created with an update, it is potentially affecting millions of others around the world. In that event, the vendor is usually very responsive to the problem and issues a "fix to the fix" in short order.

In all cases, I recommend users utilize the "Automatic Updates" feature built into the Microsoft Operating Systems to download these patches to their machines. I qualify this statement by suggesting users modify the settings to "Download updates for me, but let me choose when to install them." This change can be made by going to Control Panel-->Automatic Updates and modifying the settings accordingly. The image below shows the settings in Windows XP:




When updates appear, an icon will appear in the Notification Area of your Desktop (in the Task Bar, where your time is displayed). Clicking on the icon will present users with a dialogue box with the option to review each of the updates identified as necessary for the PC configuration. Not only does this allow the user to make an informed decision on what to install (assuming they take the time to read them) but it also eliminates the possibility of the system automagically rebooting after updates are applied, increasing the risk of lost or damaged data that may not have been saved.

For those interested in keeping up with the monthly releases from Microsoft, you can visit a regularly updated Security Bulletin FAQ in the Microsoft Forum. Another fantastic accumulation of information on updates for other popular Anti-Virus, anti-trojan and Spyware detection/removal appears daily in the Security Forum. If you are really keen on keeping up with the latest vulnerabilities in software not only from Microsoft but other vendors like Sun Java, Mozilla Firefox, Ubuntu, etc., then bookmark the Secunia.org web site. Be sure and check them all out.