• Windows Server 2008 for 32-bit Systems
• Windows Server 2008 for Itanium-based Systems
• Windows Server 2008 for x64-based Systems
• Windows Vista
• Windows Vista Service Pack 1
• Windows Vista x64 Edition
• Windows Vista x64 Edition Service Pack 1

This update resolves a vulnerability in the way certain Windows Internet Protocol Security (IPsec) rules are applied, which may cause systems to ignore IPsec policies and transmit network traffic in clear text. This, in turn, would disclose information intended to be encrypted on the network. A malicious user viewing the traffic on the network would be able to view and possibly modify the contents of the traffic. Note that this vulnerability does not result in code execution or elevation of user rights. However, it enables a malicious user to collect useful information, which may be used to further compromise the affected system or network.

Patches for this vulnerability can be downloaded on this Microsoft Web page.

Microsoft advises to not select the Default Response Rule during IPsec policy creation or uncheck this rule from existing policies, as this rule is only applicable on earlier versions of Windows. Note that this rule no longer applies to Windows Vista and Windows Server 2008.

More details regarding these workarounds may be found on this Microsoft Web page.