Microsoft Security Advisory (897663)

Discussion in 'other security issues & news' started by NICK ADSL UK, Sep 1, 2005.

Thread Status:
Not open for further replies.

    NICK ADSL UK Administrator

    May 13, 2003
    Microsoft Security Advisory (897663)
    Windows Firewall Exception May Not Display in the User Interface
    Published: August 31, 2005

    Microsoft has received a report of an unexpected behavior in the way that the Windows Firewall User Interface handles malformed entries in the Windows Registry. By creating malformed Windows Firewall exception entries in the Windows Registry, an exception could be created in the firewall that would not be displayed in the Windows Firewall User Interface. However, this exception is displayed by the command line firewall administration tools.

    It is important to note that this is not a vulnerability. Administrative privileges are required to access the associated section of the Windows Registry that contains this configuration information. By using documented methods to manage and create Windows Firewall exceptions, it is unlikely that a malformed registry entry will be produced which would exhibit this behavior. It is more likely that an attacker who has already compromised the system would create such malformed registry entries with intent to confuse a user.

    Microsoft plans to include an update to address this concern as part of a future service pack on the affected supported platforms.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.