Welcome | Sign In
ECommerceTimes.com
Malware

Little Used Service Opens New Vulnerability in XP

Print Version
E-Mail Article
Reprints
Little Used Service Opens New Vulnerability in XP

By Erika Morphy
TechNewsWorld
Part of the ECT News Network
11/02/06 1:39 PM PT

Compared with past security flaws in Windows, this one is fairly benign. "Microsoft is getting better at recognizing the importance of security and the impact it has on the user experience, as well as the Internet as a whole," said Ron O'Brien, a senior security analyst with Sophos. "It's something they've taken to heart, and it is why I believe they are making such an effort now."


A newly discovered but minor denial-of-service flaw in Windows XP could allow hackers to crash the operating system's firewall. However, the pool of affected computers appears relatively small.

The security vulnerability, which was first reported on Monday, targets the ICS (Internet Connection Sharing) service, a Windows XP feature that lets users share a dial-up or broadband connection with other users on a local area network. Using ICS has become a rather antiquated method for sharing an Internet connection.

The attacker sends malware -- a malformed DNS query, specifically -- to a vulnerable PC, which causes ICS to shut down. In turn, Windows XP Firewall shuts down and this places the computer at risk.

Tyler Reguly of nCircle, which has been tracking the vulnerability, posted a simple test on his blog: "Are you running Windows XP and are you sharing your Internet connection? If the answer is yes to both of those, then you are vulnerable."

There is no virus "in the wild" that is tailored to use this exploit, according to Reguly.

Last Line of Defense

PCs that are protected with outside security software should be fine, even with ICS enabled, Ron O'Brien, a senior security analyst with Sophos, told TechNewsWorld. "Even if the vulnerability is exploited, it can't disable a third-party firewall."

Users who do not have an additional firewall could be vulnerable, Reguly added. "One thing to remember is that the ICS service is tied to the [Windows] firewall service. If ICS dies, so does your firewall."

It is difficult to imagine hackers trying to leverage the exploit, said O'Brien. "You can extrapolate that it is individual users relying on the OS for a firewall. Companies tend to have third-party protection and many layers of security." In other words, a hacker is unlikely to bother.

A New Attitude

Compared with past security flaws in Windows, this one is fairly benign. O'Brien and other security analysts, though, have noted a distinct improvement in Microsoft's (Nasdaq: MSFT) attitude and response time when new vulnerabilities crop up.

"Microsoft is getting better at recognizing the importance of security and the impact it has on the user experience, as well as the Internet as a whole," said O'Brien. "It's something they've taken to heart, and it is why I believe they are making such an effort now."

Print Version E-Mail Article Reprints More by Erika Morphy

Talkback: Be the first to comment on this story.

More by Erika Morphy

Google Bends a Little Toward Nexus One Customers
February 09, 2010
Google appears to be taking some customer objections to the Nexus One seriously, although its overtures may not be enough to warm customers to its new business model. For one thing, it has reduced the fee it would charge for early termination to $150, but customers would have to pay T-Mobile an ETF as well. It has also set up a direct support line for orders -- but not for tech support. 		Does 'Nimble' Pricing Suggest iPad Won't Move?
February 09, 2010
Indications that Apple may lower the price of its new iPad have surfaced -- even though its not yet available for sale -- suggesting that the company may not be certain it hit the sweet spot for consumers. One big inhibitor for a lot of prospective buyers is the extra monthly charge for WiFi and 3G connectivity. 		Report: iPad Will Propel Tablets Into Mainstream Use
February 08, 2010
Will Apple's iPad do for tablets what its iPod did for MP3 players? Quite possibly. The tablet market will grow quickly on the heels of the iPad's release, according to In-Stat, which forecasts 50 million of the devices will ship in 2014. Others are less optimistic, though. Notably, consumer interest in buying an iPad did not increase as a result of the product's unveiling, according to a Retrevo survey.
Don't miss a story -- sign up for our FREE e-mail newsletters and view the latest headlines at a glance.
Tech News Flash [ View Sample ]
E-Commerce Minute [ View Sample ]
ECT News Network Weekly Newsletter [ View Sample ]
Shortcuts
> Get Business and Technology News Alerts
> Most Popular | Spotlight Features | Exclusives
> This Week on ECT News Network | Podcasts
> Online Retail Transaction Performance Indices
> Inside E-Commerce Times
TechNewsWorld
CRM Buyer
LinuxInsider
MacNewsWorld
Today's E-Commerce Times Sponsors
Secure Your Datacenter
Mitigate risk and maximize the benefits of virtualization. Get the free eBook today.
Data Deposit Box Online Storage
Sign up for a 2 week free trial and start earning recurring revenue today.
ECT News Network Information
Reader Services
Corporate
ECT News Network
Terms of Service | Privacy Policy | How To Advertise
Copyright 1998-2010 ECT News Network, Inc. All Rights Reserved.