Little-Used Service Opens New Vulnerability in XP

A newly discovered but minor denial-of-service flaw in Windows XP could allow hackers to crash the operating system’s firewall. However, the pool of affected computers appears relatively small.

The security vulnerability, which was first reported on Monday, affects the ICS (Internet Connection Sharing) service, a Windows XP feature that lets users share a dial-up or broadband connection with other users on a local area network. Using ICS has become a rather antiquated method for sharing an Internet connection.

The attacker sends a malformed DNS query to a vulnerable PC, which causes ICS to shut down. In turn, the Windows XP firewall shuts down, which places the computer at risk.

Tyler Reguly of nCircle, which has been tracking the vulnerability, posted a simple test on his blog: “Are you running Windows XP and are you sharing your Internet connection? If the answer is yes to both of those, then you are vulnerable.”

There is no virus “in the wild” that is tailored to use this exploit, according to Reguly.

Last Line of Defense

PCs that are protected with outside security software should be fine, even with ICS enabled, Ron O’Brien, a senior security analyst with Sophos, told TechNewsWorld. “Even if the vulnerability is exploited, it can’t disable a third-party firewall.”

Users who do not have an additional firewall could be vulnerable, Reguly added. “One thing to remember is that the ICS service is tied to the [Windows] firewall service. If ICS dies, so does your firewall.”

It is difficult to imagine hackers trying to leverage the exploit, said O’Brien. “You can extrapolate that it is individual users relying on the OS for a firewall. Companies tend to have third-party protection and many layers of security.” In other words, a hacker is unlikely to bother.

A New Attitude

Compared with past security flaws in Windows, this one is fairly benign. O’Brien and other security analysts, though, have noted a distinct improvement in Microsoft’s attitude and response time when new vulnerabilities crop up.

“Microsoft is getting better at recognizing the importance of security and the impact it has on the user experience, as well as the Internet as a whole,” said O’Brien. “It’s something they’ve taken to heart, and it is why I believe they are making such an effort now.”
