31 October 2006
Small Possibility of Disabling Windows XP Firewall
Recently a code was published that allows attackers to disable the Windows Firewall on some XP computers.
The computer has to be running Windows XP and Windows Internet Connection Service (ICS), which is running on any XP computer that is sharing its Internet connection. This of course does not affect networked computers using a router to share the Internet connection, the connection has to be first plugged into that computer then shared with other computers to be vulnerable.
The attack is accomplished by sending a malicious packet to the machine, which will cause ICS to crash. Due to ICS's connection to the Windows Firewall, it also stops working as well.
The good news is that there are many factors that make this less likely to happen. The main factor is that the person doing this must be inside the network. This leaves very few choices over who can do it. The only real way an outsider could perform such an attack would be if you had a wireless network setup that they had gained access to.
Businesses are not likely to be affected by this due to their use of hardware based firewalls or computers dedicated to just that purpose. Households who want to share their Internet connection should be using a NAT Router as well and probably are if they have a wireless network set up. While this flaw is not something one would want on their system, it isn't going to affect 99.9% of users unless there is another method found for exploiting the vulnerability.
The computer has to be running Windows XP and Windows Internet Connection Service (ICS), which is running on any XP computer that is sharing its Internet connection. This of course does not affect networked computers using a router to share the Internet connection, the connection has to be first plugged into that computer then shared with other computers to be vulnerable.
The attack is accomplished by sending a malicious packet to the machine, which will cause ICS to crash. Due to ICS's connection to the Windows Firewall, it also stops working as well.
The good news is that there are many factors that make this less likely to happen. The main factor is that the person doing this must be inside the network. This leaves very few choices over who can do it. The only real way an outsider could perform such an attack would be if you had a wireless network setup that they had gained access to.
Businesses are not likely to be affected by this due to their use of hardware based firewalls or computers dedicated to just that purpose. Households who want to share their Internet connection should be using a NAT Router as well and probably are if they have a wireless network set up. While this flaw is not something one would want on their system, it isn't going to affect 99.9% of users unless there is another method found for exploiting the vulnerability.
Labels: firewall, microsoft, vulnerability, windows, xp
