Average Rating: Rate this article:

Windows XP Firewall Hack Released By Tim Gray November 1, 2006 9:02AM     The Windows XP firewall hack is relatively obscure and easily fixable, according to security experts. To execute the firewall exploit, a hacker would have to be within the LAN and the attack would work only on systems using Microsoft's Internet Connection Service (ICS), which is disabled by default on Windows XP installations.   Related Topics Windows Firewalls Hackers Microsoft Latest News Plasma-TV Ban Could Be Costly Barnes & Noble Nook Is Delayed Flat PC Shipments Hurt Dell's Stock Ballmer Says Windows 7 Sales Good New Pogoplug 'Cloud' Gets Social Security researchers say hackers have published code that could let an attacker disable the built-in firewall on computers running Microsoft 's Windows XP operating system. The code, which has been available on the Internet since Sunday, could be used to disable the firewall on completely up-to-date Windows XP computers running Microsoft's Internet Connection Service (ICS), allowing malicious code to be planted on those machines. The exploit details ways to send specially formed malicious data packets to force ICS to fail. Because ICS is connected to the Windows XP firewall, the packets could also cause the firewall to fail. LAN Vulnerability ICS is used to allow Windows XP computers to behave like routers to share an Internet connection with other computers on a local area network (LAN). It is primarily configured this way by home users and small businesses. Microsoft has confirmed it is investigating the ICS issue, and said it has concluded that the issue affects Windows XP. "Microsoft is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time," the company said in a statement. The software giant first received the tip from Tyler Reguly, of security firm nCircle, who noted on his blog that hackers sending malformed data packets to vulnerable machines could disable and eventually bypass the operating system firewall. So far, only Windows XP computers with the ICS service turned on are affected by the attack. Exploits Limited Security experts are saying the vulnerability is relatively obscure and easily fixable. The attacks are expected to be limited because a hacker would have to be within a LAN in order to make the exploit work, and the attack would of course work only on systems running ICS, which is disabled by default. Additionally, the attack would have no impact on any third-party firewall being used. "Once enabled, an attacker could only attempt to exploit this issue from the user's local network," Microsoft stated. "It cannot be remotely exploited." Microsoft also said it will continue to investigate the reports to help provide additional guidance for customers, as necessary. "Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include issuing a security advisory or providing a security update through our monthly release process, depending on customer needs," the company stated.   Advertisement  Network Security 1.   Peer-to-Peer Software Ban Sought 2.   Los Alamos Computer Security Weak 3.   Security Firm Fortinet Plans IPO 4.   Heartland Restraining Order Denied 5.   Social-Networking Security a Concern Social-Networking Security a Concern Facebook hijacking shows dangers. Average Rating: ICANN Approves International Names Dramatic increase in users expected. Average Rating: Center Opens To Battle Cybercrime Increasing threat from hackers seen. Average Rating:

Product Information and Resources for Technology You Can Use To Boost Your Business CRM Systems   Experience CRM—and Business—Success today with Salesforce.com. Contact Centers   Run Your Entire Contact Center in the Cloud with LiveOps Enterprise Hardware   Go Green with IBM Blade Center    Enterprise I.T.    Rackspace: It makes a difference when you focus on support.   Go Green with IBM Blade Center   APC introduces server room in a box solutions!   Tell us what you think. Take a survey.   Find out how much you can save with the SQL Server value tool.   See how AT&T can help protect your network. Enterprise Software   Read the Top 10 Reasons to Upgrade to Windows Server 2008 R2. Microsoft/Windows   Rackspace: It makes a difference when you focus on support   Read the Top 10 Reasons to Upgrade to Windows Server 2008 R2. Network Security   See how AT&T can help protect your network.

Network Security Spotlight

House Lawmakers Push Ban on Peer-to-Peer Software Stung by an embarrassing electronic leak revealing ethics investigations into dozens of lawmakers, Congress moved to prohibit federal employees from using the file-sharing software blamed for the disclosure.   GAO: Los Alamos Computer Security Has Weaknesses Security weaknesses uncovered in Los Alamos National Laboratory's computer network increase the risk of a classified-information breach, says the Government Accountability Office.   Computer Security Firm Fortinet Plans IPO This Week Fortinet plans to go public in an initial public offering, giving investors a chance to tap a network security provider with sales that are expected to grow. The IPO could be valued at $137.5 million or more.

Enterprise Hardware Spotlight

Flat Shipments Hurt Dell Despite Increased Earnings Dell's earnings are up and expectations are solid, but the company's stock still took a hit after analysts signaled the company isn't playing a key role in the PC market recovery.   New Pogoplug 'Personal Cloud' Does Social Networking Cloud Engines has released its newest version of the Pogoplug, a small "multimedia sharing device" that connects hard drives to the Internet and allows a user to access the files remotely.   Apple Tablet Rumored Delayed as Publisher Gears Up There have been so many rumors of an Apple tablet that it has taken on legendary status. But now the legend is being revised with reports of a delay and that a major publisher is getting ready.

Enterprise Technology Spotlight

Flat Shipments Hurt Dell Despite Increased Earnings Dell's earnings are up and expectations are solid, but the company's stock still took a hit after analysts signaled the company isn't playing a key role in the PC market recovery.   Smartphones: A Bigger Target for Security Threats Smartphones are increasingly prevalent and adept at handling more tasks, including trading stocks, paying bills, and buying stuff online. That makes them attractive to thieves and hackers.   FBI Says Hackers Targeting Law Firms, PR Companies Hackers are targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients.

Navigation NewsFactor Network Home/Top News | Enterprise I.T. | Hardware | Software | Communications | Network Security | Wireless Tech | Linux/Open Source Apple/Macintosh | Microsoft/Windows | World Wide Web | Data Storage | E-Commerce | Personal Tech | Tech Trends | Press Releases NewsFactor Network Enterprise I.T. Sites NewsFactor Technology News | Enterprise Security Today | CRM Daily NewsFactor Business and Innovation Sites Sci-Tech Today | NewsFactor Business Report NewsFactor Services FreeNewsFeed | Free Newsletters | Free Whitepapers | About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise Privacy Policy | Terms of Service © Copyright 2000-2009 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo.