Serious security issue in Windows XP SP2

Found on PC-Welt on Thursday, 16 September 2004

As soon as you install SP2 on a Windows XP PC with a certain configuration, your file and printer shares are visible worldwide, despite an activated firewall. This also applies to all other services. The PC only has to provide sharing for an internal local network and connect to the Internet via dial-up or ISDN.

Due to a bug carried over from SP1 as well as a new bug, the firewall configuration with SP2 has a catastrophic effect. The SP2 installation simply reuses the previous firewall configuration: if the firewall was active for the dial-up connection, it is now also activated for the network adapter.

At the same time, an exception is set for file and printer sharing: for the internal network card and, astonishingly, also for all adapters.

With the first use of the dial-up connection after installing SP2, all of your shared data is available on the Internet. Other users can now start guessing your administrator and guest passwords, and you are basically no more secure than the first Windows 95 users with an Internet connection - thanks to Service Pack 2.
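The configuration change described above, modeled in Python as an added example (not code from PC-Welt or Microsoft, and not Windows Firewall's real data structures). All class and function names are hypothetical, the sample host is constructed, and the port list is the usual NetBIOS/SMB set, which the article itself does not enumerate.

```python
from dataclasses import dataclass, field

# Ports used by Windows file and printer sharing (NetBIOS and SMB).
FILE_PRINT = frozenset({("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)})

@dataclass
class Adapter:
    name: str
    internet_facing: bool                          # dial-up or ISDN link
    firewall_on: bool = False
    exceptions: set = field(default_factory=set)   # openings on this adapter only

@dataclass
class Host:
    adapters: list
    global_exceptions: set = field(default_factory=set)  # openings on every adapter

def upgrade_as_described(host):
    """Simplified model of the upgrade behaviour reported in the article."""
    if any(a.firewall_on for a in host.adapters if a.internet_facing):
        for a in host.adapters:                # old dial-up setting now covers the LAN card
            a.firewall_on = True
    for a in host.adapters:
        if not a.internet_facing:
            a.exceptions |= FILE_PRINT         # exception for the internal card ...
    host.global_exceptions |= FILE_PRINT       # ... and also for all adapters
    return host

def scope_to_lan(host):
    """Hypothetical correction in this model: keep only the per-adapter exception."""
    host.global_exceptions -= FILE_PRINT
    return host

def audit(host):
    """List (adapter, proto, port) sharing ports reachable on Internet-facing adapters."""
    findings = []
    for a in host.adapters:
        if not a.internet_facing:
            continue
        allowed = a.exceptions | host.global_exceptions
        exposed = FILE_PRINT if not a.firewall_on else FILE_PRINT & allowed
        findings += [(a.name, proto, port) for proto, port in sorted(exposed)]
    return findings

def constructed_host():
    # Constructed sample: sharing on the LAN, firewall active on the dial-up link only.
    return Host([Adapter("lan", False), Adapter("dialup", True, firewall_on=True)])
```

Running `audit()` before and after `upgrade_as_described()` shows the dial-up adapter going from no exposed sharing ports to all four, even though the firewall is enabled on it throughout.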

It surely didn't take long for the "secure and unhackable" sticker to come off SP2. On the other hand, we all expected that and it's not really surprising. It was only a matter of time. However, it is kind of funny that more or less the same bug happened in W95 too.