Friday, July 1, 2022
  • Home

Windows Bug allows repeat invasions

December 21st, 2005 by Patrick S

Say you’ve just recovered from a serious worm attack. You’ve run your anti virus and adware/malware removal tools, installed the latest patches, even double checked to make sure your security privacy settings are at “High”. You’re fine now right? Maybe not.

Microsoft recently released a security advisory (along with an update to Windows SP2 containing the fix) warning about “unexpected behaviour” in Windows Firewall that could let a clever attacker who had broken into your PC leave a back door to the web unlocked for next time. Only PC’s running XP with SP2 or server 03 are in danger.

Hackers sometimes get into a PC by taking advantage of the ports that Windows uses to talk with the world (the net). There are thousands of ports available, but Windows Firewall automatically blocks most of them to protect you. You can let programs connect to your PC through specific ports by entering those ports as exceptions in the firewalls user interface (found in the Windows control panel). The UI also lists there exceptions on your system. Information about these ports are stored in the Windows registry.

Recently, someone figured out that if you insert port exceptions directly into the Registry and give then ‘malformed” names, the firewalls UI wont able to display them and you’d never know the port was open. Fortunately, no exploits of this venerability have been reported yet.

The security advisory is available HERE. It also explains how you can determine if any sneaky exceptions already lurk on your PC.

Posted in Security | Comments Off on Windows Bug allows repeat invasions

This entry was posted on Wednesday, December 21st, 2005 at 4:29 am and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.