CVE Number Vulnerability Product Severity Date
MS08-047 Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733) Windows Vista Critical 13-08-2008

Technical Information

Brief overview of the risk:
An information disclosure vulnerability exists in the manner in which IPsec policies are imported to Windows Server 2008 domains from Windows Server 2003 domains. This vulnerability could cause systems to ignore IPsec policies and transmit network traffic in clear text. This, in turn, would potentially disclose information intended to be encrypted on the network.
Detailed Information on the risk:
An attacker intercepting the traffic on the network would be able to view and possibly modify the contents of the traffic. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly. It could be used to collect useful information to try to further compromise the affected system.Further information on this exploit is available at : MS08-047

Affected Software

Windows Vista
Windows Vista Service Pack 1
Windows Vista x64 Edition
Windows Vista x64 Edition Service Pack 1
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for Itanium-based Systems
Windows Server 2008 for x64-based Systems