Feeds

MS plugs weak XP firewall

Critical update

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

Microsoft this week quietly fixed a security weakness in the configuration of the built-in firewall component of Windows XP.

The firewall - turned on by default by XP Service Pack 2 (SP2) - can leave files open across the whole net if users choose to enable file and printer sharing, it transpires. Such access should be restricted across a local network but Microsoft has implemented the feature in such a way that, for users of some dial-up ISPs, a local sub-net becomes the whole internet. Microsoft first informed users of this back in September but it has taken three months for it to release a fix.

Configuration changes released through Windows Update this week narrow the scope of what is defined as a local network. This update was issued at the same time as Microsoft's monthly patch roundup earlier this week but treated separately by Redmond (insecure configuration settings and security bugs been different beasties, at least according to Microsoft). Microsoft defines the update (more info here) as "critical".

In other Windows security news, security firm Secunia warns of a flaw in IE that can be used to conduct cross-site scripting attacks. The firm has produced a test to illustrating how the unpatched vuln. might be harnessed in phishing attacks. Even fully patched systems running Windows XP SP2 and up to date versions of IE are potentially vulnerable. Secunia advises users concerned about the problem to deactivate ActiveX or to use an alternative browser. ®

Related stories

Five important fixes in MS December patch batch
IE in fresh security drama
Watch out there's an IE bug about
CERT recommends anything but IE
MS plugs IE phishing bug (here's one they fixed earlier)

Internet Security Threat Report 2014

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Choosing a cloud hosting partner with confidence
Download Choosing a Cloud Hosting Provider with Confidence to learn more about cloud computing - the new opportunities and new security challenges.