Microsoft Windows XP Dial-Up Access Firewall Disable

2004-12-15T12:55:12
ID OSVDB:12482
Type osvdb
Reporter OSVDB
Modified 2004-12-15T12:55:12

Description

Vulnerability Description

Microsoft Windows contains a flaw that may allow a remote attacker to gain unauthorized access. The issue is triggered when the 'My network (subnet) only' option in Windows Firewall is enabled. If a dial-up connection to the Internet is used, the firewall treats the entire Internet as a local subnet and does not apply the standard filtering and rules to incoming traffic. This allows a remote attacker to potentially gain unauthorized access to the machine.
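The scope failure described above, modelled as an added example (not code from OSVDB or Microsoft): a 'My network (subnet) only' exception is treated as a CIDR membership test, and an audit helper flags interfaces whose local subnet reaches beyond private address space. The function names, the interface table and the CIDR model of the scope check are assumptions made for illustration.

```python
import ipaddress

# Private and link-local ranges: the address space a "local subnet" scope
# is normally expected to stay within (assumption for this audit).
EXPECTED_LOCAL = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]


def scope_admits(remote, local_subnets):
    """True if a subnet-only exception would accept traffic from `remote`."""
    addr = ipaddress.ip_address(remote)
    return any(addr in ipaddress.ip_network(s, strict=False) for s in local_subnets)


def overbroad_scopes(interfaces):
    """Names of interfaces whose local subnet covers non-private addresses."""
    flagged = []
    for name, subnet in interfaces.items():
        net = ipaddress.ip_network(subnet, strict=False)
        if not any(net.subnet_of(ok) for ok in EXPECTED_LOCAL):
            flagged.append(name)
    return flagged


# Constructed sample data (hypothetical host).
INTERFACES = {
    "lan": "192.168.1.20/24",
    # Models the affected state from the description: on dial-up the
    # firewall treats the entire Internet as the local subnet.
    "dialup": "0.0.0.0/0",
}

if __name__ == "__main__":
    outside = "198.51.100.7"  # documentation-range address standing in for an Internet host
    for name, subnet in INTERFACES.items():
        print(name, "admits", outside, "->", scope_admits(outside, [subnet]))
    print("overbroad:", overbroad_scopes(INTERFACES))
```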

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.


References:

Vendor URL: http://www.microsoft.com/
Secunia Advisory ID: 13492
Other Advisory URL: http://support.microsoft.com/kb/886185
Nessus Plugin ID: 15996
Mail List Post: http://www.osvdb.org/ref/12/12482-win_xp_dialup.txt
ISS X-Force ID: 18507