Microsoft Quietly Patches XP Firewall

By | December 20, 2004

Microsoft quietly released a patch for a set of security weaknesses in the new firewall for Windows XP.

The firewall was part of a suite of innovations introduced by Microsoft for Windows XP Service Pack 2 (SP2) users. It came under fire shortly after release because enabling “file and print sharing” meant that anyone on the Internet could effectively bypass the firewall completely. Microsoft first announced the vulnerability in September – meaning it has taken a jaw-dropping 5 months to release a fix – nearly as long as it took Microsoft to create SP2 in the first place.

The changes, to be released through Windows Update later this week, will effectively lock down the firewall configuration so that the “local network” does not encompass the hundreds of millions of computers on the Internet.

The update is being released in conjunction with Microsoft’s monthly patch roundup, even though it is being treated differently – security issues and configuration changes are handled by entirely different teams within Microsoft. The update is marked as a Critical Update.

In other security-related Microsoft news, a new flaw has been found in Microsoft’s popular Internet Explorer (IE) browser, which puts people at risk of phishing attacks.

Several security firms, including Secunia, are reporting a vulnerability in IE6 that enables scammers to launch a phishing attack against Windows XP SP2 users, as well as users of older versions of Windows. Typically, phishing attacks use fake sites, which look like the legitimate sites of companies such as banks, to try to con people into handing over personal information such as credit card numbers.

The flaw allows phishers to create scam sites so intricate that even the SSL signature and padlock are faked.

“The problem is that users can’t trust what they see in their browsers,” Thomas Kristensen, chief technology officer at Secunia, said. “This can be used to trick users to perform actions on what they believe is a trusted Web site, but actually these actions are recorded and controlled by a malicious site.”