Windows Firewall Flaw No Vulnerability, Says Microsoft

Although Microsoft doesn't consider the bug a security vulnerability, it has posted a fix for users to download.



A flaw in Windows Firewall may prevent the application from showing all the open ports on a Windows XP SP2 or Windows Server 2003 PC and give users a false sense of security, Microsoft said in a security advisory this week.

Although Microsoft doesn't consider the bug a security vulnerability -- an attacker can't manipulate the Firewall unless he has already compromised the computer using other methods -- it posted a fix for users to download.

According to the advisory published Wednesday, the Firewall may not accurately report open ports in its usual graphical interface when those ports have been opened by editing the Windows Registry.

"It is more likely that an attacker who has already compromised the system would create such malformed registry entries with intent to confuse a user," Microsoft said in the advisory.

An accurate view of port status can be obtained by using a command-line tool, the Redmond, Wash.-based developer noted. Other information has been published in a document within Microsoft's support database.

The fix currently available for download will be rolled into a future Windows service pack, the company said.

Copyright © 2021 UBM Electronics, A UBM company, All rights reserved.