Darren Willis

**Name of the Vulnerable Software and Affected Versions** HP ProCurve 1700-8 (aka J9079A) versions before VA.02.09 HP ProCurve 1700-24 (aka J9080A) versions before VB.02.09 **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of victims via unknown vectors. **Recommendations** For HP ProCurve 1700-8 (aka J9079A) versions before VA.02.09, update to version VA.02.09 or later to resolve the issue. For HP ProCurve 1700-24 (aka J9080A) versions before VB.02.09, update to version VB.02.09 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Vista versions SP1 through SP2 Microsoft Windows Server 2008 versions Gold through R2 Microsoft Windows 7 **Description** A denial of service issue exists due to improper handling of malformed IPv6 packets by the TCP/IP stack. This allows remote attackers to cause a system hang via crafted packets. The issue arises from an error in processing specially crafted IPv6 packets with a malformed extension header. An attacker could exploit this by sending a small number of specially crafted packets, causing the system to stop responding. **Recommendations** For Microsoft Windows Vista versions SP1 through SP2, update to a version that properly handles IPv6 packets to prevent the system hang. For Microsoft Windows Server 2008 versions Gold through R2, apply configuration changes to restrict the processing of malformed IPv6 packets. For Microsoft Windows 7, consider disabling IPv6 support until a patch is available to mitigate the risk of exploitation.