Microsoft made the OS firewall and someone broke it now

Crazy Steve baller Compared with past security flaws in Windows, this one is fairly benign. "Microsoft is getting better at recognizing the importance of security and the impact it has on the user experience, as well as the Internet as a whole," said Ron O'Brien, a senior security analyst with Sophos. "It's something they've taken to heart, and it is why I believe they are making such an effort now." A newly discovered but minor denial-of-service flaw in Windows XP could allow hackers to crash the operating system's firewall. However, the pool of affected computers appears relatively small. The security Get the Facts on BlackBerry Business Solutions vulnerability, which was first reported on Monday, targets the ICS (Internet Connection Sharing) service, a Windows XP feature that lets users share a dial-up or broadband connection with other users on a local area network. Using ICS has become a rather antiquated method for sharing an Internet connection. The attacker sends malware -- a malformed DNS query, specifically -- to a vulnerable PC, which causes ICS to shut down. In turn, Windows XP Firewall shuts down and this places the computer at risk. Preventing it PCs that are protected with outside security software should be fine, even with ICS enabled, Ron O'Brien, a senior security analyst with Sophos

Users who do not have an additional firewall could be vulnerable, Reguly added. "One thing to remember is that the ICS service is tied to the [Windows] firewall service. If ICS dies, so does your firewall."

It is difficult to imagine hackers trying to leverage the exploit, said O'Brien. "You can extrapolate that it is individual users relying on the OS for a firewall. Companies tend to have third-party protection and many layers of security." In other words, a hacker is unlikely to bother.