Malicious code has begun to spread on the Internet that, under certain circumstances, can disable the Windows XP firewall and leave PCs vulnerable to attacks from the Internet.

nCircle Network Security was the first to report a vulnerability in Windows, this time affecting the operating system's firewall and Internet sharing services. The company reports that attackers could use code or information from the Internet to craft network packets that disable Internet Connection Sharing (ICS) on computers. Because ICS is closely tied to Windows XP's built-in firewall, the firewall can be shut down during such an attack. Tyler Reguly, a researcher at nCircle, said that after a successful attack the line of defense effectively disappears and the attackers are given free rein.

The security flaw was also investigated by the SANS Internet Storm Center, which confirmed that it exists. The vulnerability affects Windows XP, including systems with all currently available updates installed. However, it can only be exploited if ICS is enabled on the computer. As ICS is mostly used by home and smaller business users, they are primarily at risk from the new vulnerability. The vulnerability cannot be exploited if the affected systems run a different firewall application instead of the Windows built-in firewall.

Microsoft has also acknowledged the existence of the flaw, but has so far said only that no attacks exploiting the new vulnerability have been reported.