Microsoft Releases Advisory about a Potential Firewall Loophole

Although it claims it is not a security vulnerability, Microsoft has released another of its frequent security advisories, this time to alert users to a flaw in Windows Firewall that would prevent IT administrators from seeing open ports on XP and Server 2003 servers.

The advisory describes unexpected behavior in the way the Windows Firewall User Interfaces handles malformed entries in the Windows Registry. By creating malformed Windows Firewall exception entries in the Windows Registry, an exception could be created in the firewall which would not be displayed in the Windows Firewall User Interface, Microsoft says. Administrative privileges are required to access the associated section of the Windows Registry which contains this configuration information.

By default, the Windows Firewall blocks incoming network connections. Administrators can allow inbound network connections by creating an exception in the Windows Firewall configuration to allow access to network services running on the machine.

An attacker could not use the flaw to compromise a system, but if a system has already been compromised by some other method, the attacker could use the loopholes as a way to hide exceptions in the firewall. Microsoft has issued a non-security update to provide users a way to display malformed Windows Firewall configuration registry entries.

For more details and a workaround, click here.