Microsoft alerts users to firewall flaw

TechWorld.com - Microsoft Corp. has alerted users to a problem in Windows Firewall that could be exploited by attackers as part of a broader system infection. The problem means that Windows Firewall can be made to hide certain information from the user, Microsoft said.
The bug isn't itself a vulnerability, Microsoft said in an advisory last week, since it can't be used to invade a system. It is, rather, an "unexpected behavior" that an attacker could use to cover up malicious activity, Microsoft said.
The company issued a patch for the problem, available only to authenticated Windows users.
The flaw is in the way Windows Firewall displays exception entries, which are created by administrators to allow incoming network connections. If an exception is created in the registry, it won't be displayed in the Windows Firewall user interface, meaning users might not be able to spot the exception entry.
It's unlikely that such a registry entry would be created under ordinary circumstances, and a user couldn't create one without administrator privileges, Microsoft said.
"It is more likely that an attacker who has already compromised the system would create such malformed registry entries with intent to confuse a user," Microsoft said in the advisory.
The patch fixes the issue, and Microsoft also released a workaround, found in the relevant Knowledge Base entry. Microsoft also noted that the problem doesn't affect command line firewall administration tools.
Though the flaw could conceivably be of use to attackers, Microsoft said the problem wasn't security related.
"Although this is not a security vulnerability, this non-security update was issued to provide users a way to display malformed Windows Firewall configuration registry entries," the company said in the Knowledge Base article.

Reprinted with permission from

For more enterprise technology news from the U.K., please visit TechWorld.com. Copyright 2006 IDG, all rights reserved.