You use a Windows Vista-based or Windows Server 2008-based computer that is behind a Network Address Translation (NAT) device. When you use this computer to try to communicate with another computer through an Internet Protocol security (IPsec) tunnel-mode connection, the connection fails.

Consider the following scenario:

• In a network environment, you configure the Internet Protocol security (IPsec) policy to use the tunnel mode.
• In the IP Filter Properties dialog box of the IPsec policy, you use a subnet address for the Source Address or for the Destination Address.
• You try to establish the IPsec tunnel-mode connection to a partner computer from a Windows Vista-based computer or from a Windows Server 2008-based computer.

In this scenario, the computer cannot negotiate the security mode with the partner computer. Therefore, you cannot use IPsec to secure the connection.

Description: This update resolves a privately reported vulnerability in the way certain Windows Internet Protocol Security (IPsec) rules are applied. This vulnerability could cause systems to ignore IPsec policies and transmit network traffic in clear text. This, in turn, would disclose information intended to be encrypted on the network. An attacker viewing the traffic on the network would be able to view and possibly modify the contents of the traffic. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly. It could be used to collect useful information to try to further compromise the affected system or network. The security update addresses the vulnerability by ensuring that IPsec rules are processed appropriately. Keep reading →

Consider the following scenario. You use Windows Vista Local Security Policy on a Windows Vista-based computer. Or, you use the new Windows Firewall with Advanced Security on a Windows Vista-based computer. You try to initiate an Internet Protocol Security (IPsec) connection from a Linux-based computer to the Windows Vista-based computer. In this scenario, you cannot establish the connection.

Notes:

• If you initiate the IPsec connection from the Windows Vista side, the connection is established correctly.
• Windows XP and Windows Server 2003 work correctly with the Linux operating system in this environment.

Internet Protocol Security: A suite of protocols for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet in a data stream. IPsec also includes protocols for cryptographic key establishment.

• Core Temp 0.97 released, Vista x64 finally supported
  A CPU temperature monitoring software package that is now Vista 64-bit compatible.
  (tags: Utility CPU )
• The Microsoft IPsec Diagnostic Tool is available for Windows Server 2008, for Windows Vista, for Windows Server 2003, and for Windows XP
  You can use the Microsoft IPsec Diagnostic Tool to check for common network problems on the host computer. When problems are found, the tool suggests appropriate repair commands.
  (tags: IPsec )

Keep reading →

You can use the Microsoft IPsec Diagnostic Tool to check for common network problems on the host computer. When problems are found, the tool suggests appropriate repair commands. Keep reading →

• The FMS Flight Simulator Is Now Working with Windows Vista
  If you use FMS Flight Simulator, here are instructions on how to get around the D3DRM.DLL error so the program will run properly.
  (tags: Games )
• Information about new Group Policy preferences in Windows Server 2008
  This article discusses the Group Policy preferences that are new in Windows Server 2008 and how to enable down-level computers to process these new items. This new functionality can only be configured using Server 2008 or Vista SP1.
  (tags: SP1 GPO )

Keep reading →

This article describes the new Crypto Operators security group that was added to Windows Vista Service Pack 1 (SP1) to configure Windows Firewall for IPsec in Common Criteria mode. Keep reading →

Microsoft is removing cryptographic algorithms that are no longer considered secure from Windows Vista and from Windows Server 2008. Therefore, policies that were created by using the IP Security Policies Management snap-in or by using the netsh ipsec command have been changed to remove MD5 and DES from the default policies. The new defaults are backward compatible with policies that were created by using the defaults in Microsoft Windows 2000, in Windows XP, and in Windows Server 2003. Additionally, MD5 and DES can still be configured as part of a policy if they are required for compatibility or interoperability reasons.