Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[NT] Microsoft Windows XP Firewall Default Configuration Vulnerability (

from [SecuriTeam] Network Security [Permanent Link]
Subject: [NT] Microsoft Windows XP Firewall Default Configuration Vulnerability (SP2, Local Subnet)
Date: 16 Dec 2004 14:21:12 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Microsoft Windows XP Firewall Default Configuration Vulnerability (SP2, 
Local Subnet)
------------------------------------------------------------------------


SUMMARY

After you set up Microsoft Windows Firewall in Microsoft Windows XP 
Service Pack 2 (SP2), you may discover that your computer can be accessed 
by anyone on the Internet when you use a dial-up connection to connect to 
the Internet, this is due to a back in the way Microsoft's Firewall 
handles local subnets.

DETAILS

This problem occurs because of the way that Windows Firewall interprets 
local subnets when the "My network (subnet) only" option is used. Windows 
Firewall is included with Windows XP SP2.

Because of the way that some dialing software configures routing tables, 
Windows Firewall in Windows XP SP2 can sometimes interpret the whole 
Internet to be a local subnet. This can let anyone on the Internet access 
the Windows Firewall exceptions. When the "My network (subnet) only" 
option is enabled, it is automatically selected for file and print 
sharing. Therefore, your shared drives can be unexpectedly revealed on the 
Internet when you use a dial-up connection.

Solution:
To resolve this problem, you must download and install the Critical Update 
for Windows XP:  
<http://www.microsoft.com/downloads/details.aspx?amp;displaylang=en&familyid=da66a0ac-55ca-4591-b3e6-d78695899141&displaylang=en>
 KB886185

After you install the Critical Update for Windows XP (KB886185), Windows 
Firewall will no longer interpret a dial-up network connection to be on 
your local subnet.

Specifically, any IP Route Table entry that has an IP address of 0.0.0.0 
and has a mask of 0.0.0.0 will not be interpreted to be on the local 
subnet. This means that any port exceptions or program exceptions that use 
the "My network (subnet) only" option in Windows Firewall will not be 
available over a dial-up connection. You will still be able to access 
exceptions over a dial-up connection if you remove all scope restrictions, 
or if you create a custom scope for exceptions.

Subnets can be highly variable, depending on the network that they are 
connected to. Therefore, using the "My network" scope restriction does not 
guarantee security. We strongly recommend that you use the custom scope 
option when you want to make sure that no unwanted incoming traffic is 
permitted to pass through your firewall exceptions.

For more information about configuring Windows Firewall, visit the 
following Microsoft TechNet Web page:  
<http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx> 
http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx


ADDITIONAL INFORMATION

The information has been provided by  
<mailto:nathan.fowler@packetmail.net> Nathan Fowler.
The original article can be found at:  
<http://support.microsoft.com/kb/886185> 
http://support.microsoft.com/kb/886185



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [NT] Microsoft Windows XP Firewall Default Configuration Vulnerability (SP2, Local Subnet), SecuriTeam <=
Previous by Date:  [NT] Insecure Default File System Permissions n Microsoft Versions of Kerio Software, SecuriTeam
Next by Date:  [UNIX] Rssh and Scponly Arbitrary Command Execution, SecuriTeam
Previous by Thread:  [NT] Insecure Default File System Permissions n Microsoft Versions of Kerio Software, SecuriTeam
Next by Thread:  [UNIX] Rssh and Scponly Arbitrary Command Execution, SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]