A vulnerability in ZoneLab's freeware version of ZoneAlarm firewall will be patched within "the next two weeks".

In its initial post to the BugTraq mailing list, ZoneLabs declined to address the vulnerability claiming it was as a result of a flaw in Windows (and not a combination of that flaw and one of its own). Within days, the company changed tack, claiming that although the vulnerability was "theoretical" it would be addressed and patched.

Users of the freeware firewall will be able to download the patch within the next fortnight, in the interim though the advice from the manufacturer is not to panic as "this vulnerability has not been exploited to our knowledge" and for it to occur "an attacker would have to break through the other protection layers of ZoneAlarm". ®