Windows Firewall flaw may hide open ports
Joris Evers writes in C|Net News:
A flaw in Windows Firewall may prevent users from seeing all the open network ports on a Windows XP or Windows Server 2003 computer.
The flaw manifests itself in the way the security application handles some entries in the Windows Registry, Microsoft said in a security advisory published Wednesday. The Windows Registry is a core part of the operating system that stores PC settings.
The bug could allow a firewall port to be open without the user being informed through the standard Windows Firewall user interface, according to the Microsoft advisory. The company has released a fix that can be downloaded from Microsoft's Web site and will be part of a future Windows service pack, the company said.
Microsoft said the firewall issue is not a security vulnerability, but said the flaw could be used by an attacker who already compromised a system in an attempt to hide exceptions in the firewall.