News Stay informed about the latest enterprise technology news and product updates.

Critical fix for SP2 firewall

The vulnerability affects Windows XP SP2 users who rely on a dial-up connection to access the Internet.

Microsoft has released a "critical" update patching a flaw in the Windows XP SP2 firewall. But it wasn't part of the five security updates the software giant issued Tuesday, creating a bit of confusion.

The Bethesda, Md.-based SANS Internet Storm Center said several of its diary readers had contacted it to point out that the SP2 update had been posted on Microsoft's Web site separately from the five bulletins issued Tuesday. Those bulletins, deemed "important," fix vulnerabilities in Windows that could have been exploited by attackers to run malicious code, change or delete data or cause a denial-of-service attack. Windows 2000 Server, XP, NT and Server 2003 are among the affected products.

Gary Schare, product director for Windows, said there's a simple reason the SP2 firewall update wasn't part of Patch Tuesday: Microsoft informed users of the firewall problem and that a fix was coming back in September. Monthly security bulletins are meant to address new problems, and this was nothing new.

"In September, Microsoft posted an article on the Windows homepage to let customers know this release was coming and provided some guidelines customers can take if they are interested in file and printing sharing," Schare said in an e-mail. "This article is being updated to reflect that this release has shipped. It is not an update that addresses a software code vulnerability, and therefore does not have a security bulletin associated with it."

Describing the firewall problem on its Web site, the software giant said: "After you set up Microsoft Windows Firewall in Microsoft Windows XP Service Pack 2 (SP2), you may discover that your computer can be accessed by anyone on the Internet when you use a dial-up connection…"

The trouble is in how the firewall interprets local subnets when the "My network (subnet) only" option is used, the company said. "Because of the way that some dialing software configures routing tables, [the firewall] can sometimes interpret the whole Internet to be a local subnet. This can let anyone on the Internet access the Windows Firewall exceptions. When the 'My network (subnet) only' option is enabled, it is automatically selected for file and print sharing. Therefore, your shared drives can be unexpectedly revealed on the Internet when you use a dial-up connection."

Microsoft recommends users download and install the update by going to this Web page.

"This release is an update provided to change the behavior of the Windows firewall under very specific circumstances as a defense-in-depth measure," Schare said. "It provides a more limited scope to the "Local Subnet" setting of the Windows Firewall for customers that use the feature on some types of Internet connections."

This article originally appeared on

Dig Deeper on Network intrusion detection and prevention and malware removal

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.