Microsoft posts critical configuration patch
By Robert Lemos, CNET News.comPublished on ZDNet News: December 16, 2004, 5:05 PM PT
- ZDNet Tags:
- Security
- Windows XP
- Microsoft
Microsoft released a "critical" fix on Thursday for a security issue left unresolved by the Windows XP Service Pack 2.
The configuration change closed a hole in the Windows firewall settings that could open up PCs to attack if the machines had been set to share files or a printer with the local network, said Gary Schare, director of product management for Windows.
"The firewall that we shipped in Service Pack 2 was much better than before, but security could be tightened even further," he said. "We told people (in September) that we would issue a software update and now we have."
The hole could allow anyone to access a PC that has its file sharing exceptions set up in the Windows XP SP2 firewall. The problem affects only those who use dialing software to connect to the Internet, Microsoft indicated in a Knowledge Base article on its Web site.
Microsoft did not classify the configuration issue as a software vulnerability and so did not distribute the configuration update with the patches it released earlier this week, Schare said. In fact, the security group did not handle the issue; the Windows product group did.
"We didn't do as good a job as we intended getting this out," he said. "This fell between the teams. The security team said it wasn't a vulnerability, so we don't handle it, and the product people said they are not used to meeting the monthly update schedule."
Microsoft's Schare said some users complained that the posting of the configuration change wasn't obvious. The company will likely better highlight such bulletins to Windows users in the future.
"We have a process in putting these up," Schare said. "We followed the process, but now we are looking to see if we can do more."
Windows XP users who use Windows update will automatically download the configuration changes.
PS
In all fairness to ZD, this was not one of their "knock" MS articles; in general, their rags have no... (Read the rest)
- MS firewalls and other jokes on security. michael-t -- 12/16/04
- Nothing to worry about Richard Flude -- 12/16/04
- ZDNET, Why do you keep posting the same old story... Bit's_Conscience -- 12/16/04
- Message From Ballmer: "Move Along, Nothing To See Here" itanalyst -- 12/17/04
- MSFT Process Chad_z -- 12/17/04
- The laugh track must be extra, ... Judas I. -- 12/17/04
- Ha, Ha ! stewart@... -- 12/17/04
- I knew "localsubnet" was a bad idea. joemama_z -- 12/17/04
- SP 2 o_kkkkkk -- 12/17/04
- some practical info please clancy -- 12/17/04
- Does it work with SR2 Bruce Swanson -- 12/17/04
- Microsoft More Useless Everyday... PhoenixStorm26 -- 12/19/04
- Not Really A "Fire Wall" - More Like an "Ember Mound" Really (NT) BanjoPaterson -- 12/20/04
- Good free firewall Neil Parks -- 12/20/04
- A joke...and it's not MS. Anonynona_z -- 12/20/04
Add your opinion
recent blogs
- Oracle's heavyweight WebCenter Dan Farber
- Microsoft readies new transfer tool for XP-Vista migration Mary Jo Foley
- Adobe jumps into the venture capital world Ryan Stewart
- Gartner: Web services standardization process has 'lost momentum' Joe McKendrick
- T-Mobile launches HotSpot @ Home service in selected areas Matthew Miller
- See all ZDNet Blogs
Latest Security Content
- Microsoft's free anti-spyware hits market
- Microsoft sets Sender ID free
- Autodesk rushes out IE 7 compatibility fix
- Microsoft blocks 'Black Hat' Vista hack
- Gartner: Vista antitrust tweaks to take years
- Subscribe to Feed
| CIO Vision Series |
 |
Watch and learn as ZDNet editor in chief Dan Farber interviews CIOs who get innovation and explain how they leverage it in their organizations. |
blogs from our sponsors
White papers & webcasts
- High-Definition Color Printing Technology from OKI Printing Solutions: Breathtaking Output -- Even on Ordinary Office Paper OKI Printing Solutions
- Beyond disaster recovery: Becoming a resilient business IBM
- IDC Technical Brief: Enabling Technologies for Power and Cooling Hewlett-Packard
- Gartner: Ten Remote Access Failures Your Company Could Avoid in an Emergency Aventail
- Software Testing as a Strategic Business Advantage IBM
- Evaluator's Guide for the C6100 Series from OKI Printing Solutions OKI Printing Solutions
NEWS ALERTS
Receive instant emails when IT news happens
