VoIPshield Discovers Security Flaws in Microsoft VoIP Products

VOIPshield_logo.gifVoIPshield is making its first-ever announcement in a new category of research related to security vulnerabilities in VoIP and Unified Communications systems. These vulnerabilities affect applications that use media stream protocols like RTP, a popular standardized packet format for delivering audio and instant messaging over the Internet.

The Microsoft products affected are Office Communications Server 2007, Office Communicator and Windows Live Messenger. These products deliver software-powered VoIP, presence, instant messaging and audio/video/Web conferencing functionality to end users. Microsoft estimates that over 250 million computers worldwide run these applications. All use RTP to deliver the content of the message; therefore all are vulnerable to this class of attack.

The Microsoft vulnerabilities announced today, if exploited, cause a Denial of Service condition against not only the stated applications but the entire desktop environment.

Under its Responsible Disclosure Policy, VoIPshield confidentially discloses full details of the vulnerabilities to the affected vendors, and works with them to facilitate the development of application fixes. Details of the vulnerabilities are not publicly disclosed.

Securing the media stream is particularly challenging because once the messaging session is established, the flow of voice packets is not always monitored and managed by the call server.

Effective immediately, customers of VoIPshield's VoIPguard VoIP/UC Intrusion Prevention System can download the new signatures using the VoIPshield Update subscription service. VoIPguard contains over 500 VoIP/UC specific signatures to detect and prevent malicious signalling and media traffic.

Posted on Nov 12, 2008  Reviews | Share |  Digg
Filed in:
All comments require the approval of the site owner before being displayed.

Post a Comment

Please use a valid e-mail address. Your address will not be publicly visible and is only a means for us to contact you when asked. Thank you.

Name
E-mail
(will show your gravatar icon)
Home page

Comment (Some html is allowed: )  

Enter the code shown (prevents robots):




  All brand, company, and product names are trademarks or registered trademarks of their
  respective owners. © 2012 VoIP Monitor. All rights reserved. Privacy Policy  Terms