Microsoft Still Coy On Critical Bug In Windows XP SP2 - InformationWeek

12/16/2004
01:27 PM


Although Microsoft issued five security bulletins Tuesday as part of its regularly scheduled patch process, another fix, touted as "Critical" and specific to Windows XP SP2, generally slipped under the radar, and the company still isn't saying much about it.

The fix to the firewall bundled with Windows XP Service Pack 2 (SP2) was outlined in a Knowledge Base article, but not mentioned in any of the security bulletins. Microsoft labeled it a "Critical" vulnerability, which is the most dire of its four security warnings. None of the flaws disclosed Tuesday were rated higher than "Important," the second-highest alert.

According to Microsoft's advisory, "after you set up Microsoft Windows Firewall in Microsoft Windows XP Service Pack 2 (SP2), you may discover that your computer can be accessed by anyone on the Internet when you use a dial-up connection to connect to the Internet."

Oops. That could pose a problem for some users, needless to say.

The gaffe lies in the way that SP2's firewall interprets local subnets when the "My network (subnet) only" option is used. The firewall may then interpret the entire Internet to be a local subnet, letting anyone anywhere access the shared drives on the system when it's connected via dial-up.

Users who have Windows XP SP2 set for auto updating will pull down this fix automatically, but others should visit the Windows Update site, where the fix has been posted, or download the patch directly from here.

When asked to explain the lack of a security bulletin for the fix, a Microsoft spokesperson said that "it is not an update that addresses a software code vulnerability, and therefore does not have a bulletin associated with it."

Semantics aside, Microsoft has other resources to explain the problem in SP2, including this article on the dangers of file and print sharing within Windows XP SP2.
