| ||Thread Tools|
|2nd September 2005, 05:55||#1|
Join Date: Mar 2004
Windows Firewall flaw may hide open ports
A flaw in Windows Firewall may prevent users from seeing all the open network ports on a Windows XP or Windows Server 2003 computer.
The flaw manifests itself in the way the security application handles some entries in the Windows Registry, Microsoft said in a security advisory published Wednesday. The Windows Registry stores PC settings and is a core part of the operating system.
The bug could allow a firewall port to be open without the user being informed through the standard Windows Firewall user interface, according to the Microsoft advisory. The company has released a fix that can be downloaded from Microsoft's Web site and will be part of a future Windows service pack, the company said.
Microsoft said the firewall issue is not a security vulnerability but said the flaw could be used by an attacker who already compromised a system in an attempt to hide exceptions in the firewall.
Previous Next For example, miscreants who have penetrated a computer could create and hide a firewall exception by inserting a malformed Windows Firewall exception entry in the Windows Registry. "An attacker who already compromised the system would create such malformed registry entries with the intent to confuse a user," Microsoft said.
Like other firewall software, Windows Firewall is meant to block incoming traffic to a computer. Users can allow incoming connections by creating exceptions. Windows Firewall displays these exceptions in the firewall UI, which can be reached by going to the Windows Control Panel and selecting Windows Firewall.
PC users can view all firewall exceptions--including those the unpatched Windows Firewall doesn't see--through other tools, Microsoft notes. Typing "netsh firewall show state verbose = ENABLE" at a command prompt will display all active exceptions, the company said in its advisory.
Opteron 165 (2) @2.85 1.42 vcore AMD Stock HSF + Chill Vent II
|Thread||Thread Starter||Forum||Replies||Last Post|
|Microsoft warns of TLS/SSL flaw in Windows||jmke||WebNews||0||10th February 2010 13:28|
|175 Windows 7 Tweaks, Tips, and How-To Articles||jmke||WebNews||2||23rd October 2009 14:00|
|Microsoft Patch Tuesday: 5 Criticals, 2 Important, 1 Moderate Patch||jmke||WebNews||0||14th April 2009 18:47|
|Microsoft Security Bulletin Summary for September 2008||jmke||WebNews||0||9th September 2008 19:20|
|Microsoft Security Bulletin Summary for August 2007||jmke||WebNews||0||14th August 2007 22:21|
|IE flaw puts Windows XP SP2 at risk||Sidney||WebNews||3||6th February 2007 17:25|
|Cybercrooks add Windows flaw to arsenal||jmke||WebNews||0||2nd October 2006 10:08|
|Microsoft Security Bulletin Summary for June 2006||jmke||WebNews||0||14th June 2006 20:51|
|Windows flaw reaches beyond XP||Sidney||WebNews||0||19th July 2005 00:05|
|List of fixes included in Windows XP Service Pack 2||jmke||WebNews||1||17th August 2004 15:03|