| Subject: | RE: Fw: Serious Security Issue in Windows XP SP2's Firewall |
|---|---|
| Date: | Sat, 25 Sep 2004 09:39:28 +0200 |

Hi Frank,

I was able to reproduce the bug and things are a bit different, so I must disagree.

> I think the contention is that when file/printer sharing is enabled, and the firewall is activated, SMB ports are open on the dial-up interface without having been explicitly opened via the firewall policy (unlike the network interface). So in a sense, yes, there is a bug. The implicit allow is probably not a good thing, but the main issue seems to be that while SMB ports are closed on existing interfaces (like network cards), the policy setting is not applied to inactive, dynamic interfaces -- the RAS interface in essence. Once you dial-up, and thus activate the interface, the ports are open even though that is not specified in the firewall policy.

Correct, but the real bad news is that this happens on machines that had an enabled Internet Connection Firewall before applying SP-2! This indeed opens "new" holes (at least on RAS-Interfaces).

Furthermore this is not limited to RAS-Interfaces. All Interface types I tested (RAS via DSL and LAN) have been affected as long as "local subnet" was allowed access to file and printer sharing.

I also do not like PC Welt, but this is not a small issue. The problem possibly affects all Windows XP Systems with enabled ICF and disabled ICS that are upgraded to SP-2. I guess that approx. 80% of these Systems are using weak or no passwords on admin-accounts, so you can imagine what might happen.

Regards,
Jens