Big hole??

[User1]

"Windows XP Service Pack 2 with Advanced Security Technologies helps you protect your PC against viruses, hackers, and worms." - this is how Microsoft promotes its Service Pack 2 on its website. What the company does not say: Instead of viruses, worms, and hackers, the supposedly safe SP2 for Windows XP invites any Internet user to have a look around your PC.



As soon as you install SP2 on a Windows XP PC with a certain configuration, your file and printer sharing data are visible worldwide, despite an activated Firewall. This also applies to all other services. The PC only has to provide sharing for an internal local network and connect to the Internet via dial-up or ISDN. Users of DSL services are also affected, if a firewall is not integrated into the DSL modem or a common modem instead of a DSL router is used. Additionally, Internet Connection Sharing of the PC has to be disabled.



A number of test scans run by PC-Welt revealed that this in fact is a common configuration and not a rare sight. Without great effort, we were able to discover private documents on easily accessible computers on the Internet. It must be assumed, that these users wrongly believe they are safe and that their sharing configurations are only visible in their network at home: Often, we did not even encounter password protection.


Already Windows 95 affected by a similar problem


Experienced Windows users may remember that there was a similar problem in the past, specifically with Windows 95. Back then, Microsoft forgot to separate file and printer sharing from the dial-up network adapter when such a connection was configured.



In other words, this caused the service to be released worldwide through the dial-up connection as soon as you were connected to the Internet. Microsoft at that time issued an update to patch the bug. The fact that file and printer sharing since then is not connected to the dial-up connection anymore, can easily be seen on your system: Right-click on the symbol "My Network Places" and select "Properties". Repeat the right-click and selection with the icon of your dial-up connection and select the tab "Settings". If there is no check at "File and Printer Sharing", it indicates that this service should not be made available through your dial-up connection.



This in fact is true for Windows XP without Service Pack. Since SP1, this configuration is hardly more than cosmetics and does not serve any purpose anymore. This means, the file and printer sharing service is connected in general, also to the dial-up network adapter. This in itself is a serious bug, since your shared data potentially could be seen on the Internet. However, there are no catastrophic effects, as every dial-up connection is configured with an activated firewall by default.



If you intended to deactivate this firewall, Windows displayed an easily recognizable dialog, that this choice would allow access to your computer. Despite the bug in SP1, the configuration of the firewall was worked out in a clean way: You were able to run the dial-up connection with a firewall and the internal network card without, because the latter was supposed to enable access through the Windows network.


SP1 + SP2 leads to a catastrophic error


Due to the bug carried over from SP1 as well as a new bug, the firewall configuration with SP2 has a catastrophic effect. The SP2 installation simply uses the previous configuration of the firewall: If it was active for the dial-up connection, now it also has been activated for the network adapter.



At the same time, an exception is determined for file and printer sharing: For the internal network card - and astonishingly also for all adapters.



With the first use of the dial-up connection after installing SP2, all of your shared data are available on the Internet. Now, other users can start guessing your passwords for administrator and guest and you basically are no more secure than the first Windows 95 users with an Internet connection - thanks to Service Pack 2.


How to correct the problem


It is not advisable to keep this defective default configuration. However, the previous environment cannot be restored: The configuration for the firewall was changed, which does not allow the setting of active or inactive conditions or exceptions for each network adapter anymore. Now this only works for network areas.



Choose "Windows Firewall" in the in the Windows Control Panel and the there the tab "Exceptions". Select "File and Print Services" and click on "Edit". Now you can see four ports which are used by the file and print sharing service.



To lock the service to the outside and keep it open for the internal LAN, you have to individually select and change its area with the respective button. Our reader Yves Jerschov notified us of another bug: The value for the area set by default "Only for own network (Subnet)" only works, if the Internet Connection Sharing is activated. If this is not the case, your shared data are visible worldwide. This error can be corrected by choosing "User defined List" and entering the IP addresses that are supposed to have access - the IP addresses of your LAN. A whole range of an IP area can be entered as "192.168.x.0/255.255.255.0", if the respective addresses start with 192.168.x.



After these measures, you can be sure to be as safe as you were with SP1. Great, don't you think?

 

[David H. Lipman]

Care to corroborate that info with a URL from a LEGITIMATE CERT or Security Organization ?

So far this information remains uncorroborated !

But what do you expect from an anonymous poster posting in HTML.

Dave





"Windows XP Service Pack 2 with Advanced Security Technologies helps you protect your PC
against viruses, hackers, and worms." - this is how Microsoft promotes its Service Pack 2 on
its website. What the company does not say: Instead of viruses, worms, and hackers, the
supposedly safe SP2 for Windows XP invites any Internet user to have a look around your PC.



As soon as you install SP2 on a Windows XP PC with a certain configuration, your file and
printer sharing data are visible worldwide, despite an activated Firewall. This also applies
to all other services. The PC only has to provide sharing for an internal local network and
connect to the Internet via dial-up or ISDN. Users of DSL services are also affected, if a
firewall is not integrated into the DSL modem or a common modem instead of a DSL router is
used. Additionally, Internet Connection Sharing of the PC has to be disabled.



A number of test scans run by PC-Welt revealed that this in fact is a common configuration
and not a rare sight. Without great effort, we were able to discover private documents on
easily accessible computers on the Internet. It must be assumed, that these users wrongly
believe they are safe and that their sharing configurations are only visible in their
network at home: Often, we did not even encounter password protection.


Already Windows 95 affected by a similar problem


Experienced Windows users may remember that there was a similar problem in the past,
specifically with Windows 95. Back then, Microsoft forgot to separate file and printer
sharing from the dial-up network adapter when such a connection was configured.



In other words, this caused the service to be released worldwide through the dial-up
connection as soon as you were connected to the Internet. Microsoft at that time issued an
update to patch the bug. The fact that file and printer sharing since then is not connected
to the dial-up connection anymore, can easily be seen on your system: Right-click on the
symbol "My Network Places" and select "Properties". Repeat the right-click and selection
with the icon of your dial-up connection and select the tab "Settings". If there is no check
at "File and Printer Sharing", it indicates that this service should not be made available
through your dial-up connection.



This in fact is true for Windows XP without Service Pack. Since SP1, this configuration is
hardly more than cosmetics and does not serve any purpose anymore. This means, the file and
printer sharing service is connected in general, also to the dial-up network adapter. This
in itself is a serious bug, since your shared data potentially could be seen on the
Internet. However, there are no catastrophic effects, as every dial-up connection is
configured with an activated firewall by default.



If you intended to deactivate this firewall, Windows displayed an easily recognizable
dialog, that this choice would allow access to your computer. Despite the bug in SP1, the
configuration of the firewall was worked out in a clean way: You were able to run the
dial-up connection with a firewall and the internal network card without, because the latter
was supposed to enable access through the Windows network.


SP1 + SP2 leads to a catastrophic error


Due to the bug carried over from SP1 as well as a new bug, the firewall configuration with
SP2 has a catastrophic effect. The SP2 installation simply uses the previous configuration
of the firewall: If it was active for the dial-up connection, now it also has been activated
for the network adapter.



At the same time, an exception is determined for file and printer sharing: For the internal
network card - and astonishingly also for all adapters.



With the first use of the dial-up connection after installing SP2, all of your shared data
are available on the Internet. Now, other users can start guessing your passwords for
administrator and guest and you basically are no more secure than the first Windows 95 users
with an Internet connection - thanks to Service Pack 2.


How to correct the problem


It is not advisable to keep this defective default configuration. However, the previous
environment cannot be restored: The configuration for the firewall was changed, which does
not allow the setting of active or inactive conditions or exceptions for each network
adapter anymore. Now this only works for network areas.



Choose "Windows Firewall" in the in the Windows Control Panel and the there the tab
"Exceptions". Select "File and Print Services" and click on "Edit". Now you can see four
ports which are used by the file and print sharing service.



To lock the service to the outside and keep it open for the internal LAN, you have to
individually select and change its area with the respective button. Our reader Yves Jerschov
notified us of another bug: The value for the area set by default "Only for own network
(Subnet)" only works, if the Internet Connection Sharing is activated. If this is not the
case, your shared data are visible worldwide. This error can be corrected by choosing "User
defined List" and entering the IP addresses that are supposed to have access - the IP
addresses of your LAN. A whole range of an IP area can be entered as
"192.168.x.0/255.255.255.0", if the respective addresses start with 192.168.x.



After these measures, you can be sure to be as safe as you were with SP1. Great, don't you
think?

 

[David Candy]

Perhaps this is why you should pay experts to set up your computer. There is no problem except users thinking they know what they are doing. This is a USER STUPIDITY problem and has nothing to do with XP.

--
----------------------------------------------------------
http://www.uscricket.com
"Windows XP Service Pack 2 with Advanced Security Technologies helps you protect your PC against viruses, hackers, and worms." - this is how Microsoft promotes its Service Pack 2 on its website. What the company does not say: Instead of viruses, worms, and hackers, the supposedly safe SP2 for Windows XP invites any Internet user to have a look around your PC.



As soon as you install SP2 on a Windows XP PC with a certain configuration, your file and printer sharing data are visible worldwide, despite an activated Firewall. This also applies to all other services. The PC only has to provide sharing for an internal local network and connect to the Internet via dial-up or ISDN. Users of DSL services are also affected, if a firewall is not integrated into the DSL modem or a common modem instead of a DSL router is used. Additionally, Internet Connection Sharing of the PC has to be disabled.



A number of test scans run by PC-Welt revealed that this in fact is a common configuration and not a rare sight. Without great effort, we were able to discover private documents on easily accessible computers on the Internet. It must be assumed, that these users wrongly believe they are safe and that their sharing configurations are only visible in their network at home: Often, we did not even encounter password protection.


Already Windows 95 affected by a similar problem


Experienced Windows users may remember that there was a similar problem in the past, specifically with Windows 95. Back then, Microsoft forgot to separate file and printer sharing from the dial-up network adapter when such a connection was configured.



In other words, this caused the service to be released worldwide through the dial-up connection as soon as you were connected to the Internet. Microsoft at that time issued an update to patch the bug. The fact that file and printer sharing since then is not connected to the dial-up connection anymore, can easily be seen on your system: Right-click on the symbol "My Network Places" and select "Properties". Repeat the right-click and selection with the icon of your dial-up connection and select the tab "Settings". If there is no check at "File and Printer Sharing", it indicates that this service should not be made available through your dial-up connection.



This in fact is true for Windows XP without Service Pack. Since SP1, this configuration is hardly more than cosmetics and does not serve any purpose anymore. This means, the file and printer sharing service is connected in general, also to the dial-up network adapter. This in itself is a serious bug, since your shared data potentially could be seen on the Internet. However, there are no catastrophic effects, as every dial-up connection is configured with an activated firewall by default.



If you intended to deactivate this firewall, Windows displayed an easily recognizable dialog, that this choice would allow access to your computer. Despite the bug in SP1, the configuration of the firewall was worked out in a clean way: You were able to run the dial-up connection with a firewall and the internal network card without, because the latter was supposed to enable access through the Windows network.


SP1 + SP2 leads to a catastrophic error


Due to the bug carried over from SP1 as well as a new bug, the firewall configuration with SP2 has a catastrophic effect. The SP2 installation simply uses the previous configuration of the firewall: If it was active for the dial-up connection, now it also has been activated for the network adapter.



At the same time, an exception is determined for file and printer sharing: For the internal network card - and astonishingly also for all adapters.



With the first use of the dial-up connection after installing SP2, all of your shared data are available on the Internet. Now, other users can start guessing your passwords for administrator and guest and you basically are no more secure than the first Windows 95 users with an Internet connection - thanks to Service Pack 2.


How to correct the problem


It is not advisable to keep this defective default configuration. However, the previous environment cannot be restored: The configuration for the firewall was changed, which does not allow the setting of active or inactive conditions or exceptions for each network adapter anymore. Now this only works for network areas.



Choose "Windows Firewall" in the in the Windows Control Panel and the there the tab "Exceptions". Select "File and Print Services" and click on "Edit". Now you can see four ports which are used by the file and print sharing service.



To lock the service to the outside and keep it open for the internal LAN, you have to individually select and change its area with the respective button. Our reader Yves Jerschov notified us of another bug: The value for the area set by default "Only for own network (Subnet)" only works, if the Internet Connection Sharing is activated. If this is not the case, your shared data are visible worldwide. This error can be corrected by choosing "User defined List" and entering the IP addresses that are supposed to have access - the IP addresses of your LAN. A whole range of an IP area can be entered as "192.168.x.0/255.255.255.0", if the respective addresses start with 192.168.x.



After these measures, you can be sure to be as safe as you were with SP1. Great, don't you think?

 

[David H. Lipman]

I have and as I stated -- "So far this information remains uncorroborated !"

You on the other hand posted NO referencing information -- NONE.

I was alerted to the following rag Yesterday -- http://www.theinquirer.net/?article=18527
No reputable company nor CERT has corroborated PC Welt.

If you believe everything you read on the web, you'll believe these guys...
http://www.flat-earth.org/
The Flat Earth Society would lead you to believe the world is flat.

Dave




Find it yourself! Or do you not know how to do a search? Ask here - I'm sure someone will
help you!

 

[OMG!!]

Uh, do you run a firewall? If so then what are ya worried
about. Have your provider ping you, if they see a
firewall then even they can't get in, that plus the added
protection from Microsoft kinda makes you pretty
invulnerable

-----Original Message-----
"Windows XP Service Pack 2 with Advanced Security

Technologies helps you protect your PC against viruses,
hackers, and worms." - this is how Microsoft promotes its
Service Pack 2 on its website. What the company does not
say: Instead of viruses, worms, and hackers, the
supposedly safe SP2 for Windows XP invites any Internet
user to have a look around your PC.

As soon as you install SP2 on a Windows XP PC with a

certain configuration, your file and printer sharing data
are visible worldwide, despite an activated Firewall.
This also applies to all other services. The PC only has
to provide sharing for an internal local network and
connect to the Internet via dial-up or ISDN. Users of DSL
services are also affected, if a firewall is not
integrated into the DSL modem or a common modem instead
of a DSL router is used. Additionally, Internet
Connection Sharing of the PC has to be disabled.

A number of test scans run by PC-Welt revealed that this

in fact is a common configuration and not a rare sight.
Without great effort, we were able to discover private
documents on easily accessible computers on the Internet.
It must be assumed, that these users wrongly believe they
are safe and that their sharing configurations are only
visible in their network at home: Often, we did not even
encounter password protection.

Already Windows 95 affected by a similar problem


Experienced Windows users may remember that there was a

similar problem in the past, specifically with Windows
95. Back then, Microsoft forgot to separate file and
printer sharing from the dial-up network adapter when
such a connection was configured.

In other words, this caused the service to be released

worldwide through the dial-up connection as soon as you
were connected to the Internet. Microsoft at that time
issued an update to patch the bug. The fact that file and
printer sharing since then is not connected to the dial-
up connection anymore, can easily be seen on your system:
Right-click on the symbol "My Network Places" and
select "Properties". Repeat the right-click and selection
with the icon of your dial-up connection and select the
tab "Settings". If there is no check at "File and Printer
Sharing", it indicates that this service should not be
made available through your dial-up connection.

This in fact is true for Windows XP without Service

Pack. Since SP1, this configuration is hardly more than
cosmetics and does not serve any purpose anymore. This
means, the file and printer sharing service is connected
in general, also to the dial-up network adapter. This in
itself is a serious bug, since your shared data
potentially could be seen on the Internet. However, there
are no catastrophic effects, as every dial-up connection
is configured with an activated firewall by default.

If you intended to deactivate this firewall, Windows

displayed an easily recognizable dialog, that this choice
would allow access to your computer. Despite the bug in
SP1, the configuration of the firewall was worked out in
a clean way: You were able to run the dial-up connection
with a firewall and the internal network card without,
because the latter was supposed to enable access through
the Windows network.

SP1 + SP2 leads to a catastrophic error


Due to the bug carried over from SP1 as well as a new

bug, the firewall configuration with SP2 has a
catastrophic effect. The SP2 installation simply uses the
previous configuration of the firewall: If it was active
for the dial-up connection, now it also has been
activated for the network adapter.

At the same time, an exception is determined for file

and printer sharing: For the internal network card - and
astonishingly also for all adapters.

With the first use of the dial-up connection after

installing SP2, all of your shared data are available on
the Internet. Now, other users can start guessing your
passwords for administrator and guest and you basically
are no more secure than the first Windows 95 users with
an Internet connection - thanks to Service Pack 2.

How to correct the problem


It is not advisable to keep this defective default

configuration. However, the previous environment cannot
be restored: The configuration for the firewall was
changed, which does not allow the setting of active or
inactive conditions or exceptions for each network
adapter anymore. Now this only works for network areas.

Choose "Windows Firewall" in the in the Windows Control

Panel and the there the tab "Exceptions". Select "File
and Print Services" and click on "Edit". Now you can see
four ports which are used by the file and print sharing
service.

To lock the service to the outside and keep it open for

the internal LAN, you have to individually select and
change its area with the respective button. Our reader
Yves Jerschov notified us of another bug: The value for
the area set by default "Only for own network (Subnet)"
only works, if the Internet Connection Sharing is
activated. If this is not the case, your shared data are
visible worldwide. This error can be corrected by
choosing "User defined List" and entering the IP
addresses that are supposed to have access - the IP
addresses of your LAN. A whole range of an IP area can be
entered as "192.168.x.0/255.255.255.0", if the respective
addresses start with 192.168.x.

After these measures, you can be sure to be as safe as

you were with SP1. Great, don't you think?

 

[User1]

Ya - I do. What's the point?
Uh, do you run a firewall? If so then what are ya worried
about. Have your provider ping you, if they see a
firewall then even they can't get in, that plus the added
protection from Microsoft kinda makes you pretty
invulnerable

-----Original Message-----
"Windows XP Service Pack 2 with Advanced Security

Technologies helps you protect your PC against viruses,
hackers, and worms." - this is how Microsoft promotes its
Service Pack 2 on its website. What the company does not
say: Instead of viruses, worms, and hackers, the
supposedly safe SP2 for Windows XP invites any Internet
user to have a look around your PC.

As soon as you install SP2 on a Windows XP PC with a

certain configuration, your file and printer sharing data
are visible worldwide, despite an activated Firewall.
This also applies to all other services. The PC only has
to provide sharing for an internal local network and
connect to the Internet via dial-up or ISDN. Users of DSL
services are also affected, if a firewall is not
integrated into the DSL modem or a common modem instead
of a DSL router is used. Additionally, Internet
Connection Sharing of the PC has to be disabled.

A number of test scans run by PC-Welt revealed that this

in fact is a common configuration and not a rare sight.
Without great effort, we were able to discover private
documents on easily accessible computers on the Internet.
It must be assumed, that these users wrongly believe they
are safe and that their sharing configurations are only
visible in their network at home: Often, we did not even
encounter password protection.

Already Windows 95 affected by a similar problem


Experienced Windows users may remember that there was a

similar problem in the past, specifically with Windows
95. Back then, Microsoft forgot to separate file and
printer sharing from the dial-up network adapter when
such a connection was configured.

In other words, this caused the service to be released

worldwide through the dial-up connection as soon as you
were connected to the Internet. Microsoft at that time
issued an update to patch the bug. The fact that file and
printer sharing since then is not connected to the dial-
up connection anymore, can easily be seen on your system:
Right-click on the symbol "My Network Places" and
select "Properties". Repeat the right-click and selection
with the icon of your dial-up connection and select the
tab "Settings". If there is no check at "File and Printer
Sharing", it indicates that this service should not be
made available through your dial-up connection.

This in fact is true for Windows XP without Service

Pack. Since SP1, this configuration is hardly more than
cosmetics and does not serve any purpose anymore. This
means, the file and printer sharing service is connected
in general, also to the dial-up network adapter. This in
itself is a serious bug, since your shared data
potentially could be seen on the Internet. However, there
are no catastrophic effects, as every dial-up connection
is configured with an activated firewall by default.

If you intended to deactivate this firewall, Windows

displayed an easily recognizable dialog, that this choice
would allow access to your computer. Despite the bug in
SP1, the configuration of the firewall was worked out in
a clean way: You were able to run the dial-up connection
with a firewall and the internal network card without,
because the latter was supposed to enable access through
the Windows network.

SP1 + SP2 leads to a catastrophic error


Due to the bug carried over from SP1 as well as a new

bug, the firewall configuration with SP2 has a
catastrophic effect. The SP2 installation simply uses the
previous configuration of the firewall: If it was active
for the dial-up connection, now it also has been
activated for the network adapter.

At the same time, an exception is determined for file

and printer sharing: For the internal network card - and
astonishingly also for all adapters.

With the first use of the dial-up connection after

installing SP2, all of your shared data are available on
the Internet. Now, other users can start guessing your
passwords for administrator and guest and you basically
are no more secure than the first Windows 95 users with
an Internet connection - thanks to Service Pack 2.

How to correct the problem


It is not advisable to keep this defective default

configuration. However, the previous environment cannot
be restored: The configuration for the firewall was
changed, which does not allow the setting of active or
inactive conditions or exceptions for each network
adapter anymore. Now this only works for network areas.

Choose "Windows Firewall" in the in the Windows Control

Panel and the there the tab "Exceptions". Select "File
and Print Services" and click on "Edit". Now you can see
four ports which are used by the file and print sharing
service.

To lock the service to the outside and keep it open for

the internal LAN, you have to individually select and
change its area with the respective button. Our reader
Yves Jerschov notified us of another bug: The value for
the area set by default "Only for own network (Subnet)"
only works, if the Internet Connection Sharing is
activated. If this is not the case, your shared data are
visible worldwide. This error can be corrected by
choosing "User defined List" and entering the IP
addresses that are supposed to have access - the IP
addresses of your LAN. A whole range of an IP area can be
entered as "192.168.x.0/255.255.255.0", if the respective
addresses start with 192.168.x.

After these measures, you can be sure to be as safe as

you were with SP1. Great, don't you think?

 

[Jone Doe]

*sniff* I smell a troll.
Ya - I do. What's the point?
Uh, do you run a firewall? If so then what are ya worried
about. Have your provider ping you, if they see a
firewall then even they can't get in, that plus the added
protection from Microsoft kinda makes you pretty
invulnerable

-----Original Message-----
"Windows XP Service Pack 2 with Advanced Security

Technologies helps you protect your PC against viruses,
hackers, and worms." - this is how Microsoft promotes its
Service Pack 2 on its website. What the company does not
say: Instead of viruses, worms, and hackers, the
supposedly safe SP2 for Windows XP invites any Internet
user to have a look around your PC.

As soon as you install SP2 on a Windows XP PC with a

certain configuration, your file and printer sharing data
are visible worldwide, despite an activated Firewall.
This also applies to all other services. The PC only has
to provide sharing for an internal local network and
connect to the Internet via dial-up or ISDN. Users of DSL
services are also affected, if a firewall is not
integrated into the DSL modem or a common modem instead
of a DSL router is used. Additionally, Internet
Connection Sharing of the PC has to be disabled.

A number of test scans run by PC-Welt revealed that this

in fact is a common configuration and not a rare sight.
Without great effort, we were able to discover private
documents on easily accessible computers on the Internet.
It must be assumed, that these users wrongly believe they
are safe and that their sharing configurations are only
visible in their network at home: Often, we did not even
encounter password protection.

Already Windows 95 affected by a similar problem


Experienced Windows users may remember that there was a

similar problem in the past, specifically with Windows
95. Back then, Microsoft forgot to separate file and
printer sharing from the dial-up network adapter when
such a connection was configured.

In other words, this caused the service to be released

worldwide through the dial-up connection as soon as you
were connected to the Internet. Microsoft at that time
issued an update to patch the bug. The fact that file and
printer sharing since then is not connected to the dial-
up connection anymore, can easily be seen on your system:
Right-click on the symbol "My Network Places" and
select "Properties". Repeat the right-click and selection
with the icon of your dial-up connection and select the
tab "Settings". If there is no check at "File and Printer
Sharing", it indicates that this service should not be
made available through your dial-up connection.

This in fact is true for Windows XP without Service

Pack. Since SP1, this configuration is hardly more than
cosmetics and does not serve any purpose anymore. This
means, the file and printer sharing service is connected
in general, also to the dial-up network adapter. This in
itself is a serious bug, since your shared data
potentially could be seen on the Internet. However, there
are no catastrophic effects, as every dial-up connection
is configured with an activated firewall by default.

If you intended to deactivate this firewall, Windows

displayed an easily recognizable dialog, that this choice
would allow access to your computer. Despite the bug in
SP1, the configuration of the firewall was worked out in
a clean way: You were able to run the dial-up connection
with a firewall and the internal network card without,
because the latter was supposed to enable access through
the Windows network.

SP1 + SP2 leads to a catastrophic error


Due to the bug carried over from SP1 as well as a new

bug, the firewall configuration with SP2 has a
catastrophic effect. The SP2 installation simply uses the
previous configuration of the firewall: If it was active
for the dial-up connection, now it also has been
activated for the network adapter.

At the same time, an exception is determined for file

and printer sharing: For the internal network card - and
astonishingly also for all adapters.

With the first use of the dial-up connection after

installing SP2, all of your shared data are available on
the Internet. Now, other users can start guessing your
passwords for administrator and guest and you basically
are no more secure than the first Windows 95 users with
an Internet connection - thanks to Service Pack 2.

How to correct the problem


It is not advisable to keep this defective default

configuration. However, the previous environment cannot
be restored: The configuration for the firewall was
changed, which does not allow the setting of active or
inactive conditions or exceptions for each network
adapter anymore. Now this only works for network areas.

Choose "Windows Firewall" in the in the Windows Control

Panel and the there the tab "Exceptions". Select "File
and Print Services" and click on "Edit". Now you can see
four ports which are used by the file and print sharing
service.

To lock the service to the outside and keep it open for

the internal LAN, you have to individually select and
change its area with the respective button. Our reader
Yves Jerschov notified us of another bug: The value for
the area set by default "Only for own network (Subnet)"
only works, if the Internet Connection Sharing is
activated. If this is not the case, your shared data are
visible worldwide. This error can be corrected by
choosing "User defined List" and entering the IP
addresses that are supposed to have access - the IP
addresses of your LAN. A whole range of an IP area can be
entered as "192.168.x.0/255.255.255.0", if the respective
addresses start with 192.168.x.

After these measures, you can be sure to be as safe as

you were with SP1. Great, don't you think?

 

[Jeff]

I'm no expert, but it seems to me all the responses here seem to be
attacking the sender instead of refuting the facts of what he is claiming.
Not helpful to the rest of us.

--

Jeff Williams
Email address deliberately false to avoid spam
(e-mail address removed)


*sniff* I smell a troll.
Ya - I do. What's the point?
Uh, do you run a firewall? If so then what are ya worried
about. Have your provider ping you, if they see a
firewall then even they can't get in, that plus the added
protection from Microsoft kinda makes you pretty
invulnerable

-----Original Message-----
"Windows XP Service Pack 2 with Advanced Security

Technologies helps you protect your PC against viruses,
hackers, and worms." - this is how Microsoft promotes its
Service Pack 2 on its website. What the company does not
say: Instead of viruses, worms, and hackers, the
supposedly safe SP2 for Windows XP invites any Internet
user to have a look around your PC.

As soon as you install SP2 on a Windows XP PC with a

certain configuration, your file and printer sharing data
are visible worldwide, despite an activated Firewall.
This also applies to all other services. The PC only has
to provide sharing for an internal local network and
connect to the Internet via dial-up or ISDN. Users of DSL
services are also affected, if a firewall is not
integrated into the DSL modem or a common modem instead
of a DSL router is used. Additionally, Internet
Connection Sharing of the PC has to be disabled.

A number of test scans run by PC-Welt revealed that this

in fact is a common configuration and not a rare sight.
Without great effort, we were able to discover private
documents on easily accessible computers on the Internet.
It must be assumed, that these users wrongly believe they
are safe and that their sharing configurations are only
visible in their network at home: Often, we did not even
encounter password protection.

Already Windows 95 affected by a similar problem


Experienced Windows users may remember that there was a

similar problem in the past, specifically with Windows
95. Back then, Microsoft forgot to separate file and
printer sharing from the dial-up network adapter when
such a connection was configured.

In other words, this caused the service to be released

worldwide through the dial-up connection as soon as you
were connected to the Internet. Microsoft at that time
issued an update to patch the bug. The fact that file and
printer sharing since then is not connected to the dial-
up connection anymore, can easily be seen on your system:
Right-click on the symbol "My Network Places" and
select "Properties". Repeat the right-click and selection
with the icon of your dial-up connection and select the
tab "Settings". If there is no check at "File and Printer
Sharing", it indicates that this service should not be
made available through your dial-up connection.

This in fact is true for Windows XP without Service

Pack. Since SP1, this configuration is hardly more than
cosmetics and does not serve any purpose anymore. This
means, the file and printer sharing service is connected
in general, also to the dial-up network adapter. This in
itself is a serious bug, since your shared data
potentially could be seen on the Internet. However, there
are no catastrophic effects, as every dial-up connection
is configured with an activated firewall by default.

If you intended to deactivate this firewall, Windows

displayed an easily recognizable dialog, that this choice
would allow access to your computer. Despite the bug in
SP1, the configuration of the firewall was worked out in
a clean way: You were able to run the dial-up connection
with a firewall and the internal network card without,
because the latter was supposed to enable access through
the Windows network.

SP1 + SP2 leads to a catastrophic error


Due to the bug carried over from SP1 as well as a new

bug, the firewall configuration with SP2 has a
catastrophic effect. The SP2 installation simply uses the
previous configuration of the firewall: If it was active
for the dial-up connection, now it also has been
activated for the network adapter.

At the same time, an exception is determined for file

and printer sharing: For the internal network card - and
astonishingly also for all adapters.

With the first use of the dial-up connection after

installing SP2, all of your shared data are available on
the Internet. Now, other users can start guessing your
passwords for administrator and guest and you basically
are no more secure than the first Windows 95 users with
an Internet connection - thanks to Service Pack 2.

How to correct the problem


It is not advisable to keep this defective default

configuration. However, the previous environment cannot
be restored: The configuration for the firewall was
changed, which does not allow the setting of active or
inactive conditions or exceptions for each network
adapter anymore. Now this only works for network areas.

Choose "Windows Firewall" in the in the Windows Control

Panel and the there the tab "Exceptions". Select "File
and Print Services" and click on "Edit". Now you can see
four ports which are used by the file and print sharing
service.

To lock the service to the outside and keep it open for

the internal LAN, you have to individually select and
change its area with the respective button. Our reader
Yves Jerschov notified us of another bug: The value for
the area set by default "Only for own network (Subnet)"
only works, if the Internet Connection Sharing is
activated. If this is not the case, your shared data are
visible worldwide. This error can be corrected by
choosing "User defined List" and entering the IP
addresses that are supposed to have access - the IP
addresses of your LAN. A whole range of an IP area can be
entered as "192.168.x.0/255.255.255.0", if the respective
addresses start with 192.168.x.

After these measures, you can be sure to be as safe as

you were with SP1. Great, don't you think?

 

[Testy]

Typical knee-jerk reaction here. You know "shoot the messenger"

Testy

 

[Herb Fritatta]

Perhaps this is why you should pay experts to set up your computer.
There is no problem except users thinking they know what they are doing.
This is a USER STUPIDITY problem and has nothing to do with XP.

--

What's your point? Almost all of SP2 is directed at stupid or
ignorant/lazy users. If there's an open door, and the great mass of
users is not equipped to close it, then who will?

 

[Alex Nichol]

Care to corroborate that info with a URL from a LEGITIMATE CERT or Security Organization ?

So far this information remains uncorroborated !

But what do you expect from an anonymous poster posting in HTML.

It is valid I think in so far as the firewall settings do have File and
Print sharing on in exceptions by default (at least I don't recollect
different). But to go through would require the related service to be
enabled on the connection, and if it is it is presumably because it is
wanted. If you have a route through for a needed service it is bound to
be a hole.

But this is not a new glaring hole in SP2. It was much bigger before
with no firewall at all. And there are enough complaints arising from
the new firewall blocking things as it is

 

[David Candy]

XP is a corporate operating system. It is not designed for home users.

 

[Sandi - Microsoft MVP]

What's your point? Almost all of SP2 is directed at stupid or
ignorant/lazy users. If there's an open door, and the great mass of users
is not equipped to close it, then who will?

Your version of Thunderbird is superseded and vulnerable to some known
security problems:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3

I'll leave it to you to decide what sort of user description you fall under.

 

[Ted Grumbull]

Care to corroborate that info with a URL from a LEGITIMATE CERT or Security Organization ?

So far this information remains uncorroborated !

But what do you expect from an anonymous poster posting in HTML.

Dave

Yeah, and we ***ALL*** know your name really is "David H. Lipman",
because this is USENET and you say so......

 

[User1]

Now - That's a crock!!


XP is a corporate operating system. It is not designed for home users.

 

[David H. Lipman]

There are 4 versions of XP. Two of which *are* for the home user.

XP Pro -- corp
XP Pro 64bit -- corp
HP Home -- home
HP Media Center -- home

Dave


XP is a corporate operating system. It is not designed for home users.

 

[David H. Lipman]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Technical Cyber Security Alert TA04-261A
Multiple vulnerabilities in Mozilla products

Original release date: September 17, 2004
Last revised: --
Source: US-CERT

Systems Affected

Mozilla software, including the following:

* Mozilla web browser, email and newsgroup client
* Firefox web browser
* Thunderbird email client

Overview

Several vulnerabilities exist in the Mozilla web browser and derived
products, the most serious of which could allow a remote attacker to
execute arbitrary code on an affected system.

I. Description

Several vulnerabilities have been reported in the Mozilla web browser
and derived products. More detailed information is available in the
individual vulnerability notes:

VU#414240 - Mozilla Mail vulnerable to buffer overflow via
writeGroup() function in nsVCardObj.cpp

Mozilla Mail contains a stack overflow vulnerability in the display
routines for VCards. By sending an email message with a crafted VCard,
a remote attacker may be able to execute arbitrary code on the
victim's machine with the privileges of the current user. This can be
exploited in the preview mode as well.

VU#847200 - Mozilla contains integer overflows in bitmap image decoder

A vulnerability in the way Mozilla and its derived programs handle
certain bitmap images could allow a remote attacker to execute
arbitrary code on a vulnerable system.

VU#808216 - Mozilla contains heap overflow in UTF8 conversion of
hostname portion of URLs

A vulnerability in the way Mozilla and its derived programs handle
certain malformed URLs could allow a remote attacker to execute
arbitrary code on a vulnerable system.

VU#125776 - Multiple buffer overflows in Mozilla POP3 protocol handler

There are multiple buffer overflow vulnerabilities in the Mozilla POP3
protocol handler that could allow a malicious POP3 server to execute
arbitrary code on the affected system.

VU#327560 - Mozilla "send page" feature contains a buffer overflow
vulnerability

There is a buffer overflow vulnerability in the Mozilla "send page"
feature that could allow a remote attacker to execute arbitrary code.

VU#651928 - Mozilla allows arbitrary code execution via link dragging

A vulnerability affecting Mozilla web browsers may allow violation of
cross-domain scripting policies and possibly execute code originating
from a remote source.

II. Impact

These vulnerabilities could allow a remote attacker to execute
arbitrary code with the privileges of the user running the affected
application.

VU#847200 could also allow a remote attacker to crash an affected
application.

III. Solution

Upgrade to a patched version

Mozilla has released versions of the affected software that contain
patches for these issues:

* Mozilla 1.7.3
* Firefox Preview Release
* Thunderbird 0.8

Users are strongly encouraged to upgrade to one of these versions.

Appendix A. References

* Mozilla Security Advisory -
<http://www.mozilla.org/projects/security/known-vulnerabilities.ht
ml>
* Mozilla 1.7.2 non-ascii hostname heap overrun, Gael Delalleau -
<http://www.zencomsec.com/advisories/mozilla-1.7.2-UTF8link.txt>
* Security Audit of Mozilla's .bmp image parsing, Gael Delalleau -
<http://www.zencomsec.com/advisories/mozilla-1.7.2-BMP.txt>
* Security Audit of Mozilla's POP3 client protocol, Gael Delalleau -
<http://www.zencomsec.com/advisories/mozilla-1.7.2-POP3.txt>
* US-CERT Vulnerability Note VU#414240 -
<http://www.kb.cert.org/vuls/id/414240>
* US-CERT Vulnerability Note VU#847200 -
<http://www.kb.cert.org/vuls/id/847200>
* US-CERT Vulnerability Note VU#808216 -
<http://www.kb.cert.org/vuls/id/808216>
* US-CERT Vulnerability Note VU#125776 -
<http://www.kb.cert.org/vuls/id/125776>
* US-CERT Vulnerability Note VU#327560 -
<http://www.kb.cert.org/vuls/id/327560>
* US-CERT Vulnerability Note VU#651928 -
<http://www.kb.cert.org/vuls/id/651928>
_________________________________________________________________

Mozilla has assigned credit for reporting of these issue to the
following:

* VU#414240: Georgi Guninski
* VU#847200: Gael Delalleau
* VU#808216: Gael Delalleau and Mats Palmgren
* VU#125776: Gael Delalleau
* VU#327560: Georgi Guninski
* VU#651928: Jesse Ruderman
_________________________________________________________________

Feedback can be directed to the US-CERT Technical Staff.
_________________________________________________________________

This document is available from:

<http://www.us-cert.gov/cas/techalerts/TA04-261A.html>

_________________________________________________________________

Copyright 2004 Carnegie Mellon University.

Terms of use: <http://www.us-cert.gov/legal.html>
_________________________________________________________________

Revision History

Sept 17, 2004: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQUtEPBhoSezw4YfQAQIosQgAkny8jByUHOSsukYr4u20BGhOb1FI2wKY
GilIzIJy8sKtHq6S3XHMk5xXH8dDgheODPV3NLB6X6sksG4x1o5pQKq2lgANas13
EIIfVb5p3//uS0qV/zhPlc7tkBcJAVgx1BaExorJpsHeEfhF22+hPt+BuuBM875B
T1owipQIGbADQjhh4zVAJYSsLl3R8ZHYu8QnJlRn+qCF2Psg2eTnXlzfzIHvhl/3
KuaeqQ86V+B+uXUox2FjlrOzYujUY2z+syRkfNFINIo3E51rRJxF5SGxNt0gPD+y
CqZw4LDf+HqdpIQd6J/vJq4GcOkOXYraXskUK8zwCiSwqSw1ucYGvA==
=C1IN
-----END PGP SIGNATURE-----




| | > What's your point? Almost all of SP2 is directed at stupid or
| > ignorant/lazy users. If there's an open door, and the great mass of users
| > is not equipped to close it, then who will?
|
| Your version of Thunderbird is superseded and vulnerable to some known
| security problems:
| http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
|
| I'll leave it to you to decide what sort of user description you fall under.
|
| --
| _______________________________________
| Hyperlinks used to ensure advice is current
| Sandi - Microsoft MVP since 1999 (IE/OE)
| http://inetexplorer.mvps.org
|
|
|

 

[David H. Lipman]

Talk about typos -- sorry !...

There are 4 versions of XP. Two of which *are* for the home user.

XP Pro -- corp
XP Pro 64bit -- corp
XP Home -- home
XP Media Center -- home

Dave

 

[Bruce Chambers]

I'm no expert, but it seems to me all the responses here seem to be
attacking the sender instead of refuting the facts of what he is
claiming. Not helpful to the rest of us.

But the OP hasn't provided any "facts" to refute, other than the
fact that there's an unsubstantiated and uncorroborated news story
about an alleged "security flaw." And this alleged flaw is present,
even according to the articles reporting it, *only* if the computer
users have not properly configured their firewall. This is hardly
news. A firewall doesn't configure itself; it's the computer user's
responsibility.


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having
both at once. - RAH

 

[David H. Lipman]

Think what you want.
That *IS* my name and those who know me know I don't steer people wrong. I do make
mistakes, and I'll admit it, but I don't deliberately mislead.

Dave



| On Sat, 18 Sep 2004 22:42:34 -0400, "David H. Lipman"
|
| >Care to corroborate that info with a URL from a LEGITIMATE CERT or Security Organization
?
| >
| >So far this information remains uncorroborated !
| >
| >But what do you expect from an anonymous poster posting in HTML.
| >
| >Dave
| >
| >
| >
|
|
| Yeah, and we ***ALL*** know your name really is "David H. Lipman",
| because this is USENET and you say so......
|
| >
| >
| >"Windows XP Service Pack 2 with Advanced Security Technologies helps you protect your PC
| >against viruses, hackers, and worms." - this is how Microsoft promotes its Service Pack 2
on
| >its website. What the company does not say: Instead of viruses, worms, and hackers, the
| >supposedly safe SP2 for Windows XP invites any Internet user to have a look around your
PC.
| >
| >
| >
| >As soon as you install SP2 on a Windows XP PC with a certain configuration, your file and
| >printer sharing data are visible worldwide, despite an activated Firewall. This also
applies
| >to all other services. The PC only has to provide sharing for an internal local network
and
| >connect to the Internet via dial-up or ISDN. Users of DSL services are also affected, if
a
| >firewall is not integrated into the DSL modem or a common modem instead of a DSL router
is
| >used. Additionally, Internet Connection Sharing of the PC has to be disabled.
| >
| >
| >
| >A number of test scans run by PC-Welt revealed that this in fact is a common
configuration
| >and not a rare sight. Without great effort, we were able to discover private documents on
| >easily accessible computers on the Internet. It must be assumed, that these users wrongly
| >believe they are safe and that their sharing configurations are only visible in their
| >network at home: Often, we did not even encounter password protection.
| >
| >
| >Already Windows 95 affected by a similar problem
| >
| >
| >Experienced Windows users may remember that there was a similar problem in the past,
| >specifically with Windows 95. Back then, Microsoft forgot to separate file and printer
| >sharing from the dial-up network adapter when such a connection was configured.
| >
| >
| >
| >In other words, this caused the service to be released worldwide through the dial-up
| >connection as soon as you were connected to the Internet. Microsoft at that time issued
an
| >update to patch the bug. The fact that file and printer sharing since then is not
connected
| >to the dial-up connection anymore, can easily be seen on your system: Right-click on the
| >symbol "My Network Places" and select "Properties". Repeat the right-click and selection
| >with the icon of your dial-up connection and select the tab "Settings". If there is no
check
| >at "File and Printer Sharing", it indicates that this service should not be made
available
| >through your dial-up connection.
| >
| >
| >
| >This in fact is true for Windows XP without Service Pack. Since SP1, this configuration
is
| >hardly more than cosmetics and does not serve any purpose anymore. This means, the file
and
| >printer sharing service is connected in general, also to the dial-up network adapter.
This
| >in itself is a serious bug, since your shared data potentially could be seen on the
| >Internet. However, there are no catastrophic effects, as every dial-up connection is
| >configured with an activated firewall by default.
| >
| >
| >
| >If you intended to deactivate this firewall, Windows displayed an easily recognizable
| >dialog, that this choice would allow access to your computer. Despite the bug in SP1, the
| >configuration of the firewall was worked out in a clean way: You were able to run the
| >dial-up connection with a firewall and the internal network card without, because the
latter
| >was supposed to enable access through the Windows network.
| >
| >
| >SP1 + SP2 leads to a catastrophic error
| >
| >
| >Due to the bug carried over from SP1 as well as a new bug, the firewall configuration
with
| >SP2 has a catastrophic effect. The SP2 installation simply uses the previous
configuration
| >of the firewall: If it was active for the dial-up connection, now it also has been
activated
| >for the network adapter.
| >
| >
| >
| >At the same time, an exception is determined for file and printer sharing: For the
internal
| >network card - and astonishingly also for all adapters.
| >
| >
| >
| >With the first use of the dial-up connection after installing SP2, all of your shared
data
| >are available on the Internet. Now, other users can start guessing your passwords for
| >administrator and guest and you basically are no more secure than the first Windows 95
users
| >with an Internet connection - thanks to Service Pack 2.
| >
| >
| >How to correct the problem
| >
| >
| >It is not advisable to keep this defective default configuration. However, the previous
| >environment cannot be restored: The configuration for the firewall was changed, which
does
| >not allow the setting of active or inactive conditions or exceptions for each network
| >adapter anymore. Now this only works for network areas.
| >
| >
| >
| >Choose "Windows Firewall" in the in the Windows Control Panel and the there the tab
| >"Exceptions". Select "File and Print Services" and click on "Edit". Now you can see four
| >ports which are used by the file and print sharing service.
| >
| >
| >
| >To lock the service to the outside and keep it open for the internal LAN, you have to
| >individually select and change its area with the respective button. Our reader Yves
Jerschov
| >notified us of another bug: The value for the area set by default "Only for own network
| >(Subnet)" only works, if the Internet Connection Sharing is activated. If this is not the
| >case, your shared data are visible worldwide. This error can be corrected by choosing
"User
| >defined List" and entering the IP addresses that are supposed to have access - the IP
| >addresses of your LAN. A whole range of an IP area can be entered as
| >"192.168.x.0/255.255.255.0", if the respective addresses start with 192.168.x.
| >
| >
| >
| >After these measures, you can be sure to be as safe as you were with SP1. Great, don't
you
| >think?
| >
|