Microsoft Security Bulletin MS11-083 - Critical

I am seeing some indications that a separate firewall would prevent this. Nothing definitive lol sorry.

 

Right, they mention the reference counter in the TCP/IP stack.

They probably do mean a hardware firewall, but this has me wondering if a 3rd-party fw (never mind Windows fw) is used, will it stop packets from hitting the reference counter in question?

Understood, but a port is closed, how I understand it, by virtue of there being no service listening on it, or by a firewall. If it's closed by a 3rd-party firewall, then the question that comes to my mind is will the UDP packets even hit the reference counter in the TCP/IP stack? I don't understand where the Windows or the typical 3rd-party firewall comes into play with reference to the TCP/IP stack in Windows. Is it before the stack or after it? Something I'll try to find out

*EDIT*

the posts are fast and furious just saw this.

you mean a 3rd-party fw? No need to be sorry, I appreciate your help

 

Yep, the question of whether the Windows Firewall service will still handle these requests or not is the question. Honestly, I'd guess that it would. What I'm seeing says that it wouldn't.

So you may very well be safe with a third party firewall even without a router.

 

I know it logs the requests because I see them (blocked packets) in the Event Viewer. I just don't know how it ties into the TCP/IP stack refernce counter.

That stands to reason, at least what I'm surmising. Thanks!

 

The 3rd party firewall could always be passing that info to the counter. I'll probably know more tomorrow.

 

Okay, I'll check later. Thanks again!