Network Computing is part of the Informa Tech Division of Informa PLC


Microsoft Still Coy On Critical Bug In Windows XP SP2

Although Microsoft issued five security bulletins Tuesday as part of its regularly scheduled patch process, another fix, labeled "Critical" and specific to Windows XP SP2, largely slipped under the radar, and the company still isn't saying much about it.

The fix to the firewall bundled with Windows XP Service Pack 2 (SP2) was outlined in a Knowledge Base article, but not mentioned in any of the security bulletins. Microsoft labeled it a "Critical" vulnerability, the most dire of its four security warning levels. None of the flaws disclosed Tuesday was rated higher than "Important," the second-highest alert.

According to Microsoft's advisory, "after you set up Microsoft Windows Firewall in Microsoft Windows XP Service Pack 2 (SP2), you may discover that your computer can be accessed by anyone on the Internet when you use a dial-up connection to connect to the Internet."

Oops. That could pose a problem for some users, needless to say.

The gaffe lies in the way that SP2's firewall interprets local subnets when the "My network (subnet) only" option is used. The firewall may then interpret the entire Internet to be a local subnet, letting anyone anywhere access the shared drives on the system when it's connected via dial-up.
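
To make the failure mode concrete, here is an added example (not Microsoft's code and not part of the original article) that models a "local subnet only" scope check and an audit that flags a scope wide enough to cover Internet hosts. The adapter addresses, the function names and the `min_prefix_len` threshold are constructed, and the /0 prefix on the dial-up adapter is an assumption used for illustration; the article does not say how the firewall derives the subnet.

```python
import ipaddress

# Constructed adapters using private and documentation address ranges.
# Assumption: the dial-up adapter ends up with a /0 prefix, so its
# "local subnet" spans every IPv4 address.
ADAPTERS = {
    "lan": ("192.168.1.10", 24),
    "dialup": ("203.0.113.45", 0),
}


def local_subnet(address, prefix_len):
    """Return the network a 'local subnet only' scope treats as local."""
    return ipaddress.ip_network(f"{address}/{prefix_len}", strict=False)


def allowed_by_subnet_scope(remote, adapter):
    """True if the remote address falls inside the adapter's local subnet."""
    address, prefix_len = ADAPTERS[adapter]
    return ipaddress.ip_address(remote) in local_subnet(address, prefix_len)


def audit_scope(adapter, min_prefix_len=16):
    """Flag an adapter whose 'local' scope is wider than policy allows.

    min_prefix_len is a hypothetical policy threshold, not a Windows setting.
    """
    network = local_subnet(*ADAPTERS[adapter])
    return {
        "adapter": adapter,
        "network": str(network),
        "addresses": network.num_addresses,
        "too_broad": network.prefixlen < min_prefix_len,
    }


if __name__ == "__main__":
    remote = "198.51.100.7"  # constructed Internet host (documentation range)
    for name in ADAPTERS:
        print(audit_scope(name), "admits", remote, "->",
              allowed_by_subnet_scope(remote, name))
```

On the LAN adapter the scope admits only 192.168.1.0/24; on the dial-up adapter the same rule admits the unrelated remote host, which is the exposure the advisory describes for shared drives.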
