Unpatched, Critical Flaw Found In Windows XP
Security researchers have uncovered a potentially serious security hole in Windows XP and Windows XP Professional that could allow skilled attackers to take over vulnerable computers, even PCs equipped with the latest Microsoft software patches and running the built-in Windows firewall.
The revelations, discussed on a security mailing list and detailed in a threat advisory by Danish security firm Secunia, come just two days after Microsoft released a batch of patches to fix other critical flaws in Windows software.
Microsoft could not be immediately reached for comment, but the expert who uncovered the flaw says he reported the problem to the company in early May and that Microsoft is working on a patch, which may be released in August.
The problem resides in the Windows "Remote Desktop," which lets users configure remote access to their computer. By default, the Microsoft firewall built into the Windows XP Service Pack 2 update is configured to deny connections from the Internet for remote desktop. But remote desktop shares the same vulnerable Microsoft programming code as "Remote Assistance" -- a service designed to allow Microsoft and other technicians to troubleshoot problems on Windows machines from afar. And the bad part is that the remote assistance program is automatically allowed to bypass the Windows firewall in PCs with Service Pack 2 installed.
Security experts warned, however, that there is little evidence that attackers are taking advantage of the vulnerability yet, and that exploiting the flaw may take some serious uber-hacking skills.
I will update with more information when I hear back from Microsoft, but one source told me that there is working code circulating on the Internet that allows attackers to use the flaw to gain control over vulnerable PCs.
If you use Windows XP and rely on Windows firewall to protect you online, it's probably a good idea to just disable the exceptions in the Windows firewall for "Remote Desktop" and "Remote Assistance." This workaround may not be effective, but it's worth a try.
To do this, click on "Start," then "Control Panel," and then the "Windows Firewall" icon. Then, in the Windows Firewall box, go to the tab labeled "Exceptions" and make sure that the boxes next to "Remote Assistance" and "Remote Desktop" are unchecked.
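The same check and workaround can be done from a command prompt on Windows XP SP2, which is handy when you need to verify many machines or script it through a logon script. This is an added example, not part of the original post and not Microsoft guidance; it uses the `netsh firewall` context that shipped with SP2 (later replaced by `netsh advfirewall`). The assumption that the Remote Assistance exception is the allowed-program entry for `%windir%\system32\sessmgr.exe` is mine; confirm the path against the "Allowed programs configuration" section of the `show config` output before disabling it.

```batch
@echo off
rem Show the current firewall state, the service exceptions (Remote Desktop
rem appears under "Service configuration") and the allowed-program exceptions
rem (Remote Assistance appears under "Allowed programs configuration").
netsh firewall show config

rem Disable the Remote Desktop exception in both the standard and domain profiles.
netsh firewall set service type=REMOTEDESKTOP mode=DISABLE profile=ALL

rem Disable the Remote Assistance allowed-program exception.
rem Assumption: the exception is registered for sessmgr.exe; adjust the path
rem if the "show config" output above lists a different program.
netsh firewall set allowedprogram program=%windir%\system32\sessmgr.exe mode=DISABLE profile=ALL

rem Re-display the configuration so the change can be verified: both entries
rem should now read "Disable" rather than "Enable".
netsh firewall show config
```

Run it from an account in the local Administrators group. Disabling the exceptions only closes the firewall path that the post describes; it does not remove the vulnerable code, so the vendor patch is still required once it ships.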