News & Information for Technology Purchasers
NewsFactor Network Sites:   NewsFactor.com Security CRM Business Sci-Tech Newsletters XML/RSS Feed  
   
Home Enterprise I.T. Hardware Software Communications More Topics...
Network Security
Average Rating:
Rate this article:  
Windows XP Firewall Hack Released Windows XP Firewall Hack Released
By Tim Gray
November 1, 2006 9:02AM

    Bookmark and Share
The Windows XP firewall hack is relatively obscure and easily fixable, according to security experts. To execute the firewall exploit, a hacker would have to be within the LAN and the attack would work only on systems using Microsoft's Internet Connection Service (ICS), which is disabled by default on Windows XP installations.
 

Related Topics

Windows
Firewalls
Hackers
Microsoft

Latest News

Nvidia Auto-Switches Notebook GPU
Macworld Focuses on Mobile Apps
MS: Windows 7 Doesn't Hurt Battery
Nexus One 'Support' Passes the Buck
MS: Russian Pirates Scamming Us


Security researchers say hackers have published code that could let an attacker disable the built-in firewall on computers running Microsoft Relevant Products/Services's Windows Relevant Products/Services XP operating system Relevant Products/Services.

The code, which has been available on the Internet since Sunday, could be used to disable the firewall on completely up-to-date Windows XP computers running Microsoft's Internet Connection Service (ICS), allowing malicious code to be planted on those machines.

The exploit details ways to send specially formed malicious data Relevant Products/Services packets to force ICS to fail. Because ICS is connected to the Windows XP firewall, the packets could also cause the firewall to fail.

LAN Vulnerability

ICS is used to allow Windows XP computers to behave like routers to share an Internet connection with other computers on a local area network Relevant Products/Services (LAN). It is primarily configured this way by home users and small businesses.

Microsoft has confirmed it is investigating the ICS issue, and said it has concluded that the issue affects Windows XP. "Microsoft is not aware of any attacks attempting to use the reported vulnerability or of customer Relevant Products/Services impact at this time," the company said in a statement.

The software giant first received the tip from Tyler Reguly, of security firm nCircle, who noted on his blog that hackers sending malformed data packets to vulnerable machines could disable and eventually bypass the operating system firewall.

So far, only Windows XP computers with the ICS service Relevant Products/Services turned on are affected by the attack.

Exploits Limited

Security experts are saying the vulnerability is relatively obscure and easily fixable.

The attacks are expected to be limited because a hacker would have to be within a LAN in order to make the exploit work, and the attack would of course work only on systems running ICS, which is disabled by default. Additionally, the attack would have no impact on any third-party firewall being used.

"Once enabled, an attacker could only attempt to exploit this issue from the user's local network," Microsoft stated. "It cannot be remotely exploited." Microsoft also said it will continue to investigate the reports to help provide additional guidance for customers, as necessary.

"Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include issuing a security advisory or providing a security update through our monthly release process, depending on customer needs," the company stated.
 

Tell Us What You Think
Your Comment:

Also Visit:


Advertisement


 Network Security
1.   China Cyberattacks: Pervasive Threat
2.   Patch Tuesday Will Tie MS Record
3.   Cybersecurity Appears Hot for 2010
4.   EPIC Objects To Google-NSA Ties
5.   Torrent Traps Used To Harvest Logins


advertisement
EPIC Objects To Google-NSA TiesEPIC Objects To Google-NSA Ties
Cyberattack meant to rattle Google?
Average Rating:
Torrent Traps Used To Harvest LoginsTorrent Traps Used To Harvest Logins
Web sites sold with backdoor access.
Average Rating:
Social Networks: A Hacker's DelightSocial Networks: A Hacker's Delight
Workers urged to be 'trained skeptics.'
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

CRM Systems

  Experience CRM—and Business—Success today with Salesforce.com.

Data Storage

  AT&T Synaptic Storage as a Service. Learn more.

Enterprise Hardware

  Trade in your old printer and save up to $400.
  Find out why now is the best time to buy a new APC Smart-UPS!
  HP ProLiant G6 Servers. Perform like a superstar, Save like an accountant.

Enterprise I.T.

  Tell us what you think. Take a survey.
  AT&T Synaptic Storage as a Service. Learn more.
  Find out why now is the best time to buy a new APC Smart-UPS!
  Stand out from other IS Professionals and increase your earning potential.

Enterprise Software

  Read the Top 10 Reasons to Upgrade to Windows Server 2008 R2.

Microsoft/Windows

  Read the Top 10 Reasons to Upgrade to Windows Server 2008 R2.

Enterprise Hardware Spotlight
Nvidia Auto-Switches Notebook GPU To Save Battery Life
Nvidia has taken the wraps off a notebook technology that chooses the best graphics processor for any given application and automatically routes the workload to Nvidia or Intel processors.
 
Microsoft Says Battery Woes Not Caused By Windows 7
Battery problems on Windows 7 machines are not caused by the operating system. That's the position of Stephen Sinofsky, head of the Windows division, in a long posting on the Windows engineering blog.
 
IBM's New POWER7 Servers Save Energy with Big Loads
IBM has unveiled high-capacity servers that are the first to be based on its new, multi-core POWER7 chip. It said the new line is designed "to manage the most demanding emerging applications."
 

Enterprise Technology Spotlight
Google May Add Facebook, Twitter Links to Gmail
Google will reportedly roll more social-networking features into Gmail, the fastest-growing e-mail service. The new features could save users the trouble of switching to Facebook or Twitter.
 
IBM's New POWER7 Servers Save Energy with Big Loads
IBM has unveiled high-capacity servers that are the first to be based on its new, multi-core POWER7 chip. It said the new line is designed "to manage the most demanding emerging applications."
 
IBM Opens Eco-Friendly, Cloud-Focused Data Center
IBM has opened its latest data center in North Carolina. Big Blue said the $362 million facility in Research Triangle Park is designed to support cloud computing and other new computing models.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Hardware | Software | Communications | Network Security | Wireless Tech | Linux/Open Source
Apple/Macintosh | Microsoft/Windows | World Wide Web | Data Storage | E-Commerce | Personal Tech | Tech Trends | Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters | Free Whitepapers | XML/RSS Feed

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2010 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo.