Microsoft hit by firewall flaw

by Nikola Strahija on September 7th, 2005

Microsoft alerted users to a problem in Windows Firewall that could be exploited by attackers as part of a much broader system infection.

The problem means that Windows Firewall can be tuned to hide certain information from the user, Microsoft said.

The bug isn't a vulnerability in itself, Microsoft insisted in an advisory last week, because it can't be used to invade a system. It is, rather, an "unexpected behaviour" that an attacker could use to cover up malicious activity.

The flaw is in the way Windows Firewall displays exception entries, created by administrators to allow incoming network connections. If an exception is created in the Registry, it won't be displayed in the Windows Firewall user interface, meaning users might not be able to spot the exception entry.

The company issued a patch for the problem, available only to authenticated Windows users. The patch fixes the issue, and Microsoft also released a workaround, found in the relevant Knowledge Base entry. Microsoft also noted that the problem doesn't affect command line firewall administration tools.

It's unlikely that such a Registry entry would be created under ordinary circumstances, and a user couldn't create one without administrator privileges, Microsoft said. "It is more likely that an attacker who has already compromised the system would create such malformed registry entries with intent to confuse a user," Microsoft said in the advisory.
