I came across this news while surfing the NTCompatible website.
Microsoft has acknowledged that it is working on a patch for a potentially serious security hole in fully patched versions of Windows XP Service Pack 2.
The software maker's confirmation follows public disclosure of the vulnerability by a private security researcher who goes by the moniker "badpack3t."
In an advisory posted at SecurityProtocols.com, the researcher described the issue as a remote kernel denial-of-service flaw affecting XP SP2, with the default firewall turned on.
"I have been working with Microsoft to get a patch out for this. I notified them 5/4/2005 about the flaw, and they have been working on it since then. Microsoft told me the patch was going to be released in August," he added in the advisory.
Security alerts aggregator Secunia Inc. has flagged the issue as "moderately critical" and confirmed the reports that the integrated firewall does not protect against the flaw.
View: Full Article @ eWeek