Welcome | Sign In
LinuxInsider.com
Malware

Little Used Service Opens New Vulnerability in XP

Print Version
E-Mail Article
Reprints
Little Used Service Opens New Vulnerability in XP

By Erika Morphy
TechNewsWorld
Part of the ECT News Network
11/02/06 1:39 PM PT

Compared with past security flaws in Windows, this one is fairly benign. "Microsoft is getting better at recognizing the importance of security and the impact it has on the user experience, as well as the Internet as a whole," said Ron O'Brien, a senior security analyst with Sophos. "It's something they've taken to heart, and it is why I believe they are making such an effort now."


A newly discovered but minor denial-of-service flaw in Windows XP could allow hackers to crash the operating system's firewall. However, the pool of affected computers appears relatively small.

The security vulnerability, which was first reported on Monday, targets the ICS (Internet Connection Sharing) service, a Windows XP feature that lets users share a dial-up or broadband connection with other users on a local area network. Using ICS has become a rather antiquated method for sharing an Internet connection.

The attacker sends malware -- a malformed DNS query, specifically -- to a vulnerable PC, which causes ICS to shut down. In turn, Windows XP Firewall shuts down and this places the computer at risk.

Tyler Reguly of nCircle, which has been tracking the vulnerability, posted a simple test on his blog: "Are you running Windows XP and are you sharing your Internet connection? If the answer is yes to both of those, then you are vulnerable."

There is no virus "in the wild" that is tailored to use this exploit, according to Reguly.

Last Line of Defense

PCs that are protected with outside security software should be fine, even with ICS enabled, Ron O'Brien, a senior security analyst with Sophos, told TechNewsWorld. "Even if the vulnerability is exploited, it can't disable a third-party firewall."

Users who do not have an additional firewall could be vulnerable, Reguly added. "One thing to remember is that the ICS service is tied to the [Windows] firewall service. If ICS dies, so does your firewall."

It is difficult to imagine hackers trying to leverage the exploit, said O'Brien. "You can extrapolate that it is individual users relying on the OS for a firewall. Companies tend to have third-party protection and many layers of security." In other words, a hacker is unlikely to bother.

A New Attitude

Compared with past security flaws in Windows, this one is fairly benign. O'Brien and other security analysts, though, have noted a distinct improvement in Microsoft's (Nasdaq: MSFT) attitude and response time when new vulnerabilities crop up.

"Microsoft is getting better at recognizing the importance of security and the impact it has on the user experience, as well as the Internet as a whole," said O'Brien. "It's something they've taken to heart, and it is why I believe they are making such an effort now."

Print Version E-Mail Article Reprints More by Erika Morphy

Talkback: Be the first to comment on this story.

More by Erika Morphy

Twitter Flies the Coop
March 16, 2010
Twitter has found a way to flit around to other Web locales through a feature called "@anywhere." Amazon, eBay, The Huffington Post, YouTube and others will be able to open a Twitter window to users, allowing them to send and receive messages without leaving the site. Social media marketers are salivating at the possibilities. 		Pegasystems' Chordiant Buy Not Without Risks
March 16, 2010
Pegasystems' acquisition of Chordiant could lead to a merging of the companies' synergies, resulting in an Oracle-type solution at a lower cost. Or, it could lead to conflicts over philosophical perspectives and infighting over which technology to keep and which to let go, ultimately derailing the integration. 		Google Poised to Make Good on Its China Threat
March 15, 2010
Negotiations between Google and China over Web censorship have apparently failed to produce a compromise that both sides could agree to. Although no official announcement has been made, all signs are pointing in the direction of Google's imminent withdrawal of its search operations from the country.
Don't miss a story -- sign up for our FREE e-mail newsletters and view the latest headlines at a glance.
Tech News Flash [ View Sample ]
E-Commerce Minute [ View Sample ]
ECT News Network Weekly Newsletter [ View Sample ]
Shortcuts
> Get Business and Technology News Alerts
> Most Popular | Spotlight Features | Exclusives
> This Week on ECT News Network | Podcasts
> WiFi Hotspot Locator
> Inside LinuxInsider
LinuxInsider
E-Commerce Times
TechNewsWorld
MacNewsWorld
CRM Buyer
Today's LinuxInsider Sponsors
Secure Your Datacenter
Mitigate risk and maximize the benefits of virtualization. Get the free eBook today.
Data Deposit Box Online Storage
Sign up for a 2 week free trial and start earning recurring revenue today.
ECT News Network Information
Reader Services
Corporate
ECT News Network
Terms of Service | Privacy Policy | How To Advertise
Copyright 1998-2010 ECT News Network, Inc. All Rights Reserved.