View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
December 16, 2004

XP firewall bug fixed on the sly

Microsoft Corp has quietly released a fix to a configuration bug in its Windows Firewall, a component of XP Service Pack 2, saying the bug is critical and could expose dialup users' hard drives to the whole Internet.

By CBR Staff Writer

The fix was excluded from Microsoft’s monthly patch batch and requires users to run an authentication routine, designed to check their copy of Windows is licensed, before they can download and install it.

Because of the way that some dialing software configures routing tables, Windows Firewall in Windows XP SP2 can sometimes interpret the whole Internet to be a local subnet, Microsoft wrote. This can let anyone on the Internet access the Windows Firewall exceptions.

When the My network (subnet) only option is enabled, it is automatically selected for file and print sharing, Microsoft wrote in its advisory. Therefore, your shared drives can be unexpectedly revealed on the Internet when you use a dial-up connection.

The problem is rated Critical, which usually means a worm could be written to exploit it. The problem was publicly acknowledged by Microsoft as long ago as September. The company offered a workaround at that time.

It is not an update that addresses a software code vulnerability, and therefore does not have a security bulletin associated with it, a spokesperson said in a statement attributed to Gary Schare, product director for Windows Client.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.