Teredo is the implementation of a tunnelling protocol in Windows Vista. A recent research from Symantec Advanced Threat Research shows that it has unforseen side-effects, Symantec said, among them that it could allow attackers to evade organisations security measures.
The report (PDF), called "Windows Vista Network Attack Surface Analysis", was prepared by Dr. James Hoagland, Matt Conover, Tim Newsham and Ollie Whitehouse. The researchers noted that Vista introduces a completely rewritten network stack, which means Vista will behave differently than Windows XP - something network administrators need to be wary of, according to Symantec.
In the symantec's research report we can find: "Tunnelling methods can be used to evade security controls, and that is what Teredo does (though that was not the intent). Unless network firewalls and IDSs are specifically aware of this protocol, they will not be applying the appropriate filtering to the IPv6 packet and its contents; this reduces defence-in-depth, and may result in a failure to apply important security controls."

    The tunnelling protocol Teredo is designed as a temporary measure to allow devices with IPv6-unaware NAT devices to take advantage of IPv6 connectivity; it encapsulates IPv6 packets within IPv4 UDP datagrams. One problem with this is that if administrators aren't aware Teredo is being used, it may help attackers gain access to targets on private internal networks, Symantec said. Many intrusion detection systems and firewalls are not currently aware of Teredo. If left unhandled and unchecked, IPv6 and its accompanying transition technologies allow an attacker access to hosts on private internal networks without the administrator expecting this global accessibility," the report said.

    The researchers found that Teredo is enabled by default, though dormant, and "that it was readily used, despite Microsoft's apparently inaccurate statements that downplay its level of activity". Another problems that the resarcher found was that Vista, in some cases, switches on Teredo without any intervention from the user. The operating system requires a firewall to be running to activate Teredo, but this measure, while "sensible", "cannot compensate for all of Teredo's problematic security implications," Symantec said. Microsoft has responded that the paper in fact validates Microsoft's design decisions in Vista, while acknowledging that improvements could be made.
    "We believe many of the most recent third-party [analyses] of Windows Vista, including this paper, [validate] many of the key design decisions made in the product. We look forward to further discussing the areas where Symantec has noted improvements could be made to benefit customers." Jim Hahn, a product manager for Microsoft's Windows Client Team, said in a statement.