• silicon.com
• Technology
• Security

By Dan Ilett, 15 April 2005 17:00

NEWS Microsoft has refused to comment over allegations that computers running its Windows operating system are affected by a serious vulnerability in one of the internet's underlying technologies.

The UK's National Infrastructure Security Co-ordination Centre (NISCC) earlier this week published details of this denial-of-service vulnerability, which affects some routers, firewalls and voice over IP (VoIP) phones.

The vulnerability is in the way ICMP error messages are handled and would allow hackers to reset connections between computers and stop activity, such as VoIP conversations, from working.

Cisco, Juniper and IBM have admitted that the vulnerabilities exist in their equipment, but the security researcher who claimed to have found the flaws has now claimed that Microsoft is also affected.

"All (or most) versions of Microsoft Windows are vulnerable," wrote Fernando Gont. "Keep in mind this is an important item, as Microsoft has the largest installed base."

Microsoft declined to comment on Gont's allegations.

In an email to silicon.com's sister site ZDNet UK, Gont added that Cisco "refused to cooperate with NISCC" over the vulnerability.

Cisco's router operating system IOS, PIX firewalls and some VoIP phones are affected by the vulnerability. The company said it has released a fix and rebutted Gont's claims.

"We've provided the fix and notified our customers," said a Cisco spokesman. "We know that Fernando Gont brought details of the vulnerability to the attention of NISCC. We have been working closely [with NISCC] to address the issue, but this vulnerability is not specific to Cisco."

Network company Juniper issued a statement claiming to have fixed the problem: "Juniper Networks has identified the issue and has provided a software fix. Customers with service contracts can log into the restricted area on our website."

Dan Ilett writes for ZDNet UK.