SERIOUS security hole discovered in Windows XP SP2

17/09/2004 - 23:39 by Ille Corvus
PC-WELT discovers and fixes serious security issue in Windows XP SP2
http://www.pcwelt.de/know-how/extras/103039/

Machine translation
http://translate.google.com/transla...mp;oe=UTF8

Information taken from the link (see above):

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
"Windows XP Service Pack 2 with Advanced Security Technologies helps
you protect your PC against viruses, hackers, and worms." - this is
how Microsoft promotes its Service Pack 2 on its website. What the
company does not say: Instead of viruses, worms, and hackers, the
supposedly safe SP2 for Windows XP invites any Internet user to have a
look around your PC.

As soon as you install SP2 on a Windows XP PC with a certain
configuration, your file and printer sharing data are visible
worldwide, despite an activated Firewall. This also applies to all
other services. The PC only has to provide sharing for an internal
local network and connect to the Internet via dial-up or ISDN. Users
of DSL services are also affected, if a firewall is not integrated
into the DSL modem or a common modem instead of a DSL router is used.
Additionally, Internet Connection Sharing of the PC has to be
disabled.

A number of test scans run by PC-Welt revealed that this in fact is a
common configuration and not a rare sight. Without great effort, we
were able to discover private documents on easily accessible computers
on the Internet. It must be assumed, that these users wrongly believe
they are safe and that their sharing configurations are only visible
in their network at home: Often, we did not even encounter password
protection.

Already Windows 95 affected by a similar problem

Experienced Windows users may remember that there was a similar
problem in the past, specifically with Windows 95. Back then,
Microsoft forgot to separate file and printer sharing from the dial-up
network adapter when such a connection was configured.

In other words, this caused the service to be released worldwide
through the dial-up connection as soon as you were connected to the
Internet. Microsoft at that time issued an update to patch the bug.
The fact that file and printer sharing since then is not connected to
the dial-up connection anymore, can easily be seen on your system:
Right-click on the symbol "My Network Places" and select "Properties".
Repeat the right-click and selection with the icon of your dial-up
connection and select the tab "Settings". If there is no check at
"File and Printer Sharing", it indicates that this service should not
be made available through your dial-up connection.

This in fact is true for Windows XP without Service Pack. Since SP1,
this configuration is hardly more than cosmetics and does not serve
any purpose anymore. This means, the file and printer sharing service
is connected in general, also to the dial-up network adapter. This in
itself is a serious bug, since your shared data potentially could be
seen on the Internet. However, there are no catastrophic effects, as
every dial-up connection is configured with an activated firewall by
default.

If you intended to deactivate this firewall, Windows displayed an
easily recognizable dialog, that this choice would allow access to
your computer. Despite the bug in SP1, the configuration of the
firewall was worked out in a clean way: You were able to run the
dial-up connection with a firewall and the internal network card
without, because the latter was supposed to enable access through the
Windows network.

SP1 + SP2 leads to a catastrophic error

Due to the bug carried over from SP1 as well as a new bug, the
firewall configuration with SP2 has a catastrophic effect. The SP2
installation simply uses the previous configuration of the firewall:
If it was active for the dial-up connection, now it also has been
activated for the network adapter.

At the same time, an exception is determined for file and printer
sharing: For the internal network card - and astonishingly also for
all adapters.

With the first use of the dial-up connection after installing SP2, all
of your shared data are available on the Internet. Now, other users
can start guessing your passwords for administrator and guest and you
basically are no more secure than the first Windows 95 users with an
Internet connection - thanks to Service Pack 2.

How to correct the problem

It is not advisable to keep this defective default configuration.
However, the previous environment cannot be restored: The
configuration for the firewall was changed, which does not allow the
setting of active or inactive conditions or exceptions for each
network adapter anymore. Now this only works for network areas.

Choose "Windows Firewall" in the Windows Control Panel and
there the tab "Exceptions". Select "File and Print Services" and click
on "Edit". Now you can see four ports which are used by the file and
print sharing service.

To lock the service to the outside and keep it open for the internal
LAN, you have to individually select and change its area with the
respective button. Our reader Yves Jerschov notified us of another
bug: The value for the area set by default "Only for own network
(Subnet)" only works, if the Internet Connection Sharing is activated.
If this is not the case, your shared data are visible worldwide. This
error can be corrected by choosing "User defined List" and entering
the IP addresses that are supposed to have access - the IP addresses
of your LAN. A whole range of an IP area can be entered as
"192.168.x.0/255.255.255.0", if the respective addresses start with
192.168.x.

After these measures, you can be sure to be as safe as you were with
SP1. Great, don't you think?

-=-=-=-
[Follow the conversation in]: microsoft.public.es.windowsxp.seguridad


Filtered on their own merits (Global Kill-File):
tella llop, jm (N.B. 2003.10.25)


As my grandmother says: «Bad manners can't be washed off with either water or soap.»


#1 Anonymous
17/09/2004 - 23:52
As my grandmother says: «Bad manners can't be washed off with
either water or soap.»

...And since the crow has never bathed in his whole life.
#2 Bartolome Lechado
18/09/2004 - 00:00
Do you know that on the network connection that goes to the ADSL router/modem,
dial-up, etc., you should always uncheck every box except TCP/IP for the
computer to be secure? So, with that simple action, everything the article
says becomes worthless, and this is not specific to XP; it goes back to
Windows 98.

And if you are wondering why Windows enables them then, I'll explain that
too: Windows configures a "standard" network connection for use on a network
without distinguishing whether it goes out to the Internet or not. Personally,
I think MS should make that distinction when configuring the network, by
asking one or two questions about what the connection will be used for, and
configure it one way or another based on that.

A suggestion left for the next SP or for Longhorn


#3 Anonymous
18/09/2004 - 00:34
PRRRRRRRRRRRRRRRRRR!! Yes, that is a fart dedicated
to you in thanks for your news

Have a nice day

#4 Zephryn Xirdal
18/09/2004 - 09:50
Ille, I don't really know what this is about. My English is poor. Can you
explain to me the huge problem there is with SP2?

The machine translation is bloody awful.


Slander is always simple and plausible.
***************************************************************
* Pow. by zxFortune http://sourceforge.net/projects/zxfortune *
* Put a fortune in your live. It's free, it's good, it's GPL *
***************************************************************

#5 Zephryn Xirdal
18/09/2004 - 12:35
Aw, you've spoiled the riddle for me, damn.

I was going to have a laugh at the crow for a while.

On my computer all of that comes properly configured by default; besides,
this is not a "SERIOUS security hole", it is simply a possible
vulnerability... should some flaw in RPC or similar occur.

The same thing happens on Linux. With the CUPS driver the printer is left
available to the whole Internet unless you configure things properly.


A security hole is a problem in a piece of software that allows, outside its
specifications, unauthorized access to/breakage of/action on a system. In
this case it is specified to work that way; if you don't want it, you close
it, although at least in my case it is already closed out of the box (it is
one of the first things I checked, since I share the network card with
VirtualPC).

And I agree with JMT that it is not even worth looking at what the crow
posts; on top of not understanding a thing, she mixes up apples and
oranges.


Slander is always simple and plausible.
***************************************************************
* Pow. by zxFortune http://sourceforge.net/projects/zxfortune *
* Put a fortune in your live. It's free, it's good, it's GPL *
***************************************************************
