Detailed exploit code for a Windows XP security vulnerability has been published on the Internet, offering a roadmap for hackers to disable the firewall embedded in the operating system. Microsoft on Oct. 31 confirmed it is investigating the issue, which targets ICS (Internet Connection Sharing), a feature in Windows XP that lets users share a dial-up or broadband connection with other users on a home network.
A spokesperson for the Redmond, Wash., software giant said the risk is minimized because ICS is disabled by default in Windows XP. "In addition, once enabled, an attacker could only attempt to exploit this issue from the user's local network: It cannot be remotely exploited," the spokesperson said in a statement sent to eWEEK.
News source: eWeek
The flaw is only exploitable from inside your ICS'd network, so unless you have untrusted people on your (typically home) internal network, you are probably safe from this. Just keep updated, and everything will be fine...
I just tried looking to see if I could find out which one it was but I can't; if anyone knows, I would be interested to find out.
Also, "exploit this issue from the user's local network".
Essentially, this is a completely misleading article. Just another asshat trying their best to discredit Microsoft and WindowsXP.
I'm not a Microsoft fan by any stretch of the imagination but this stuff is getting sickening.
This is a REMOTE exploit. You just need to send a specially crafted (DNS) packet to the interface and down goes the ICS service, which will in turn drag down your ICF.
There is a WORLD of difference between spyware which is executed locally (probably as a local admin) disabling the ICF and a single packet sent across a network!!!!!!!!!!!!!!!!
This is a REMOTE exploit.
...
Here is the original advisory: http://blog.ncircle.com/archives/2006/10/microsoft_ics_d.htm
Note the mention of the word remote. Local = executed from the target machine. Not from the target machine's local network. Remote = without physical access. Regardless of whether it's from a corporate LAN, home network, Internet connection or a Bluetooth dongle.
(Obviously I can appreciate that in the context of *networks*, local and remote have specific meanings. In the context of vulnerability assessment remote is as above. This case is slightly different in that there is a defined and unquestionable boundary between local and remote networks that isn't a potentially-misconfigured firewall. Normally a remote vuln is a remote vuln period, the difference is that being hidden behind a corporate firewall, a NATing device etc reduces exposure. It's an odd one, but should still be considered a remote vuln IMO)
Last edited by Jon on 02 Nov 2006 - 12:40
On a side note, I don't use this computer as Admin. Even with Power User limitation, my ZoneAlarm was completely disabled. I've tested this without any third-party software installed except for ZoneAlarm.
I don't know if the situation has changed, but it used to be that a hacker could defeat a software firewall by hitting your computer at boot time after the network has loaded, but before the firewall has loaded. With a hardware firewall, you're protected at all times – even when you're booting up.
Good.
I don't use the Windows Firewall anyway.