CVE-2015-6111

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Gold and R2 Microsoft Windows RT Gold and 8.1 Microsoft Windows 10 Gold and 1511

Description The issue is related to errors in resource management in the implementation of IPSec in the Windows operating system. It can be exploited by a remote attacker to cause a denial of service by sending specially crafted IP packets. The vulnerability exists due to the improper handling of encryption negotiation by the IPSec service, which can cause the system to become nonresponsive. To exploit this vulnerability, an attacker must have valid credentials.

Recommendations For Microsoft Windows 8, update to a version that includes the fix for the IPSec denial of service issue. For Microsoft Windows 8.1, update to a version that includes the fix for the IPSec denial of service issue. For Microsoft Windows Server 2012 Gold and R2, update to a version that includes the fix for the IPSec denial of service issue. For Microsoft Windows RT Gold and 8.1, update to a version that includes the fix for the IPSec denial of service issue. For Microsoft Windows 10 Gold and 1511, update to a version that includes the fix for the IPSec denial of service issue. As a temporary workaround, consider restricting access to the IPSec service until a patch is available.