You are here: silicon.com > Software > Security Strategy

Security Strategy

'Critical' XP flaw patched

'Um... You know how we said there'd be no more patches? Well there's just this one... And it's quite important... '

By Robert Lemos

Published: 17 December 2004 15:20 GMT

Microsoft released a "critical" fix on Thursday for a security issue left unresolved by the Windows XP Service Pack 2.

Gary Schare, director of product management for Windows, said the configuration change closed a hole in the Windows firewall settings that could open up PCs to attack if the machines had been set to share files or a printer with the local network.

"The changes we made in Service Pack 2 were better than before, but they could be narrowed even further," he said. "We told people [in September] that we would issue a software update and now we have."

The hole could allow anyone to access a PC that has its file sharing exceptions set up in the Windows XP SP2 firewall. The problem affects only those who use dialling software to connect to the Internet, Microsoft indicated in a Knowledge Base article on its website.

Microsoft did not classify the configuration issue as a software vulnerability and so did not distribute the configuration update with the patches it released earlier this week, Schare said. In fact, the security group did not handle the issue; the Windows product group did.

"We didn't do as good a job as we intended getting this out," he said. "This fell between the teeth. The security team said it wasn't a vulnerability, so we don't handle it, and the product people said they are not used to meeting the monthly update schedule."

Windows XP users who use Windows update will automatically download the configuration changes.

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

  • Jobs
IT Systems Support Manager

Conduct regular quarterly and annual audits for all the IT systems Deliver basic IT user best practice guidance, where applicable, to end-users, ...

Technical Support with French

Track and handle CTS problem management queue? Technical knowledge for troubleshooting problems with:-Work stations with ZENworks for Desktops V7-MS ...

Information Technology Engineer

Maintain and monitor Internet traffic (www, ftp), using Proxy Server/Firewall/Tunnel and VPN technologies. Maintain PC and Peripherals, including ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.





Quick Sitemap Links: