Windows XP Exploit Shuts Off Windows FirewallBy Ryan Naraine | Posted 2006-10-31 Email Print
WEBINAR: On-demand webcast
Next-Generation Applications Require the Power and Performance of Next-Generation Workstations REGISTER >
Proof-of-concept exploits have been released for a denial-of-service vulnerability in fully patched versions of Windows XP SP2.
Detailed exploit code for a Windows XP security vulnerability has been published on the Internet, offering a roadmap for hackers to disable the firewall embedded in the operating system.
Microsoft on Oct. 31 confirmed it is investigating the issue, which targets ICS (Internet Connection Sharing), a feature in Windows XP that lets users share a dial-up or broadband connection with other users on a home network.
A spokesperson for the Redmond, Wash., software giant said the risk is minimized because ICS is disabled by default in Windows XP.
"In addition, once enabled, an attacker could only attempt to exploit this issue from the user's local network: It cannot be remotely exploited," the spokesperson said in a statement sent to eWEEK.
The company said it is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time.
"Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary. Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include issuing a security advisory or providing a security update through our monthly release process, depending on customer needs," the spokesperson added.
Security alerts aggregator Secunia rates the bug as "less critical" and recommends that Windows XP users find an alternative way to share the Internet connection.
The vulnerability is caused due to a NULL pointer dereference error in Windows NAT Helper Components (ipnathlp.dll) and can be exploited to crash the service via a specially crafted DNS query.
At least two versions of proof-of-concept exploits have been Milw0rm Web site.
Successful exploitation requires that Internet Connection Sharing is enabled and the query is received from a client on the shared network interface.
Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.