Windows Firewall Flaw No Vulnerability, Says Microsoft - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

Windows Firewall Flaw No Vulnerability, Says Microsoft

Although Microsoft doesn't consider the bug a security vulnerability, it has posted a fix for users to download.

A flaw in Windows Firewall may prevent the application from showing all the open ports in a Windows XP SP2 or Windows Server 2003 PC, Microsoft said in a security advisory this week, and give users a false sense of security.

Although Microsoft doesn't consider the bug a security vulnerability -- an attacker can't manipulate the Firewall unless he has already compromised the computer using other methods -- it posted a fix for users to download.

According to the advisory published Wednesday, the Firewall may not accurately report open ports in its usual graphical interface when those ports have been opened by editing the Windows Registry.

"It is more likely that an attacker who has already compromised the system would create such malformed registry entries with intent to confuse a user," Microsoft said in the advisory.

An accurate view of port status can be obtained by using a command-line tool, the Redmond, Wash.-based developer noted. Other information has been published in a document within Microsoft's support database.

The fix currently available for download will be rolled into a future Windows service pack, the company said.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll