A flaw in Windows Firewall may prevent the application from showing all the open ports in a Windows XP SP2 or Windows Server 2003 PC, Microsoft said in a security advisory this week, and give users a false sense of security.
Although Microsoft doesn't consider the bug a security vulnerability -- an attacker can't manipulate the Firewall unless he has already compromised the computer using other methods -- it posted a fix for users to download.
"It is more likely that an attacker who has already compromised the system would create such malformed registry entries with intent to confuse a user," Microsoft said in the advisory.
An accurate view of port status can be obtained by using a command-line tool, the Redmond, Wash.-based developer noted. Other information has been published in a document within Microsoft's support database.
The fix currently available for download will be rolled into a future Windows service pack, the company said.