
Windows Firewall flaw causes port hazard

Attacker exploit possible, admits Microsoft


By Joris Evers

Published: 2 September 2005 08:35 BST

A flaw in Windows Firewall may prevent users from seeing all the open network ports on a Windows XP or Windows Server 2003 computer.

The flaw manifests itself in the way the security application handles some entries in the Windows Registry, Microsoft said in a security advisory published on Wednesday. The Windows Registry stores PC settings and is a core part of the operating system.

The bug could allow a firewall port to be open without the user being informed through the standard Windows Firewall user interface, according to the Microsoft advisory. The company has released a fix that can be downloaded from Microsoft's website and will be part of a future Windows service pack, the company said.

Microsoft said the firewall issue is not a security vulnerability, but said the flaw could be used by an attacker who has already compromised a system in an attempt to hide exceptions in the firewall.

For example, miscreants who have penetrated a computer could create and hide a firewall exception by inserting a malformed Windows Firewall exception entry in the Windows Registry. Microsoft said: "An attacker who already compromised the system would create such malformed registry entries with the intent to confuse a user."

Like other firewall software, Windows Firewall is meant to block incoming traffic to a computer. Users can allow incoming connections by creating exceptions. Windows Firewall displays these exceptions in the firewall UI, which can be reached by going to the Windows Control Panel and selecting Windows Firewall.

PC users can view all firewall exceptions - including those that the unpatched Windows Firewall doesn't see - through other tools, Microsoft notes. Typing "netsh firewall show state verbose = ENABLE" at a command prompt will display all active exceptions, the company said in its advisory.

Joris Evers writes for CNET News.com
