Microsoft Security Advisory (897663)

Discussion in 'other security issues & news' started by NICK ADSL UK, Sep 1, 2005.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Advisory (897663)
    Windows Firewall Exception May Not Display in the User Interface
    Published: August 31, 2005

    Microsoft has received a report of an unexpected behavior in the way that the Windows Firewall User Interface handles malformed entries in the Windows Registry. By creating malformed Windows Firewall exception entries in the Windows Registry, an exception could be created in the firewall that would not be displayed in the Windows Firewall User Interface. However, this exception is displayed by the command line firewall administration tools.

    It is important to note that this is not a vulnerability. Administrative privileges are required to access the associated section of the Windows Registry that contains this configuration information. By using documented methods to manage and create Windows Firewall exceptions, it is unlikely that a malformed registry entry will be produced which would exhibit this behavior. It is more likely that an attacker who has already compromised the system would create such malformed registry entries with intent to confuse a user.

    Microsoft plans to include an update to address this concern as part of a future service pack on the affected supported platforms.

    http://www.microsoft.com/technet/security/advisory/897663.mspx
     
Loading...
Thread Status:
Not open for further replies.