We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,812 News Articles

Microsoft alerts users to firewall flaw

It's a bug, not a vulnerability

Microsoft has alerted users to a problem in Windows Firewall that could be exploited by attackers as part of a broader system infection.

The problem means that Windows Firewall can be made to hide certain information from the user, Microsoft said. The bug isn't itself a vulnerability, the firm insisted in an advisory last week, since it can't be used to invade a system. It is, rather, "unexpected behaviour" that an attacker could use to cover up malicious activity.

The company issued a patch for the problem, available only to authenticated Windows users.

The flaw is in the way Windows Firewall displays exception entries, created by administrators to allow incoming network connections. If an exception is created in the Registry, it won't be displayed in the Windows Firewall user interface, meaning users might not be able to spot the exception entry.

It's unlikely that such a Registry entry would be created under ordinary circumstances, and a user couldn't create one without administrator privileges, Microsoft said. "It is more likely that an attacker who has already compromised the system would create such malformed Registry entries with intent to confuse a user," the software company said in the advisory.

The patch fixes the issue, and Microsoft also released a workaround, found in a relevant Knowledgebase entry. Microsoft also noted that the problem doesn't affect command line firewall administration tools.

Though the flaw could conceivably be of use to attackers, Microsoft said the problem isn't security-related. "Although this is not a security vulnerability, this non-security update was issued to provide users a way to display malformed Windows Firewall configuration registry entries," the Knowledgebase article read.

Windows XP Service Pack 2 (SP2) is credited with making Windows much more secure, but months after the update's rollout, significant cracks have started to appear. One of the biggest flaw disclosures came from Finjan Software late last year. It claimed to have discovered a set of 10 major security flaws in SP2, bypassing many of the security measures the update puts into place.

The patch is available here and the advisory can be found here.


IDG UK Sites

The 30 best TV shows on Netflix UK: Our pick of the best programmes you can watch right now

IDG UK Sites

Nostalgia time: Top 10 best selling mobile phones in history

IDG UK Sites

VFX Emmy: Game of Thrones work garners gong for Rodeo FX

IDG UK Sites

Apple 13-inch MacBook Pro with Retina review (2.6GHz, 128GB, mid-2014)