IPv6-handling flaw found in Windows 7
Researchers have found a flaw in the way Windows 7 handles IPv6, one of the key protocols underlying the internet, saying attackers could use the vulnerability to crash PCs.
The security firm Barracuda Labs said on Tuesday that someone would have to make a targeted denial-of-service attack to exploit the vulnerability, but exploitation could cause failure in a PC's network connectivity, applications and sound system.
Microsoft has acknowledged and reported the flaw, but has said it will not patch it in a security update, because exploiting the vulnerability requires local network access. According to Barracuda Labs researcher Thomas Unterleitner, the vulnerability lies in the way Windows 7's remote procedure call (RPC) function handles malformed DHCPv6 requests — DHCP (Dynamic Host Configuration Protocol) being the automatic configuration protocol that lets servers allocate IP addresses to clients at start-up.