New Security Advisory on Windows Firewall Exception
Via the MSRC Blog.
Hi Folks, -- you may have noticed that we posted an advisory earlier this week: http://www.microsoft.com/technet/security/advisory/897663.mspx. This advisory discusses how a malformed registry key entry could allow an exception to be entered into the firewall, but this exception wouldn’t be visible in the standard firewall graphical user interfaces. In response to customer feedback and to clear up any confusion, we wanted to be explicit that in order for this type of action to happen a system would already have to be compromised and malicious code be running as an administrator. This is typical of most applications and platforms – once an attacker or criminal controls a system they can take what would normally be safe actions, and misuse them to confuse customers.
So, the best protection in these types of issues would to take preventative measures, like following the Protect Your PC guidance of enabling a firewall, getting software updates, and installing antivirus software as well as practice safe browsing techniques. However, that said, if you wanted to view all the exceptions in a firewall, even if the type of entries discussed in the advisory have been made, then you go do that with command line tools that come with Windows XP. Detailed instructions are in the advisory.