Microsoft Still Coy On Critical Bug In Windows XP SP2

Although Microsoft issued five security bulletins Tuesday as part of its regularly-scheduled patch process, another touted as "Critical" and specific to Windows XP SP2 generally slipped under the radar.

Gregg Keizer, Contributor

December 16, 2004


Although Microsoft issued five security bulletins Tuesday as part of its regularly-scheduled patch process, another touted as "Critical" and specific to Windows XP SP2 generally slipped under the radar, and the company still isn't saying much about it.

The fix to Windows XP Service Pack 2's (SP2) bundled firewall was outlined in a Knowledge Base article, but not mentioned in any of the security bulletins. Microsoft labeled it a "Critical" vulnerability, which is the most dire of its four security warnings. None of the flaws disclosed Tuesday were rated higher than "Important," the second-highest alert.

According to Microsoft's advisory, "after you set up Microsoft Windows Firewall in Microsoft Windows XP Service Pack 2 (SP2), you may discover that your computer can be accessed by anyone on the Internet when you use a dial-up connection to connect to the Internet."

Oops. That could pose a problem for some users, needless to say.

The gaffe lies in the way that SP2's firewall interprets local subnets when the "My network (subnet) only" option is used. The firewall may then interpret the entire Internet to be a local subnet, letting anyone anywhere access the shared drives on the system when it's connected via dial-up.
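The effect described above can be shown with a small audit check, added here as an example and not taken from Microsoft or the original article. It assumes, for illustration only, that a subnet-only scope is computed from each interface's address and prefix length; the interface values, the function names and the /16 threshold are constructed.

```python
import ipaddress

# Constructed sample data: interface name -> (address, prefix length).
# The dial-up entry assumes a degenerate /0 prefix to model the symptom
# the article describes; the article does not give the firewall's internals.
INTERFACES = {
    "LAN": ("192.168.1.10", 24),
    "Dial-up": ("203.0.113.45", 0),
}

def local_subnet(address, prefix_len):
    """Network that a 'subnet only' scope would treat as local (assumed model)."""
    return ipaddress.ip_network(f"{address}/{prefix_len}", strict=False)

def scope_allows(source, interface):
    """True if a subnet-only rule on this interface would admit `source`."""
    address, prefix_len = INTERFACES[interface]
    return ipaddress.ip_address(source) in local_subnet(address, prefix_len)

def overbroad_scopes(interfaces, min_prefix=16):
    """Names of interfaces whose 'local subnet' is wider than /min_prefix."""
    return sorted(
        name for name, (address, prefix_len) in interfaces.items()
        if local_subnet(address, prefix_len).prefixlen < min_prefix
    )

if __name__ == "__main__":
    remote = "198.51.100.7"  # constructed address outside both sample networks
    for name in INTERFACES:
        print(f"{name}: subnet-only rule admits {remote}? {scope_allows(remote, name)}")
    print("Overbroad local-subnet scopes:", overbroad_scopes(INTERFACES))
```

A scope that resolves to 0.0.0.0/0 matches every source address, which is why a rule meant to limit file sharing to the local network stops restricting anything.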

Users who have Windows XP SP2 set for auto updating will pull down this fix automatically, but others should visit the Windows Update site, where the fix has been posted, or download the patch directly from here.

When asked to explain the lack of a security bulletin for the fix, a Microsoft spokesperson said that "it is not an update that addresses a software code vulnerability, and therefore does not have a bulletin associated with it."

Semantics aside, Microsoft has other resources to explain the problem in SP2, including this article on the dangers of file and print sharing within Windows XP SP2.
