Version: 2008
  • On MovieTome: X-Men: First Class' shooting next year?
advertisementGet Smart about Business Spending

December 16, 2004 5:05 PM PST

Microsoft posts critical configuration patch

By Robert Lemos
Staff Writer, CNET News

  • 2 comments
Related Stories

Microsoft patches spell happy holidays

 December 14, 2004

Microsoft sends security update to home PCs

 August 19, 2004

Microsoft moves beyond patches

 October 1, 2003
Microsoft released a "critical" fix on Thursday for a security issue left unresolved by the Windows XP Service Pack 2.

The configuration change closed a hole in the Windows firewall settings that could open up PCs to attack if the machines had been set to share files or a printer with the local network, said Gary Schare, director of product management for Windows.

"The firewall that we shipped in Service Pack 2 was much better than before, but security could be tightened even further," he said. "We told people (in September) that we would issue a software update and now we have."

The hole could allow anyone to access a PC that has its file sharing exceptions set up in the Windows XP SP2 firewall. The problem affects only those who use dialing software to connect to the Internet, Microsoft indicated in a Knowledge Base article on its Web site.

Microsoft did not classify the configuration issue as a software vulnerability and so did not distribute the configuration update with the patches it released earlier this week, Schare said. In fact, the security group did not handle the issue; the Windows product group did.

"We didn't do as good a job as we intended getting this out," he said. "This fell between the teams. The security team said it wasn't a vulnerability, so we don't handle it, and the product people said they are not used to meeting the monthly update schedule."

Microsoft's Schare said some users complained that the posting of the configuration change wasn't obvious. The company will likely better highlight such bulletins to Windows users in the future.

"We have a process in putting these up," Schare said. "We followed the process, but now we are looking to see if we can do more."

Windows XP users who use Windows update will automatically download the configuration changes.

See more CNET content tagged:
file-sharing, security, service pack, Service Pack 2, Microsoft Windows XP Service Pack 2

Add a Comment (Log in or register)
Well whatever they did it sacked my computer
by Jonathan December 16, 2004 8:40 PM PST
My desktop system is for all intents and purposes dead. I can't login at all. I try signing it and before I even see the GUI load it signs me out which makes me think netlogin is hosed. And before I get the typical tech adv I am a tech. I've tried all the usual MO. Safe mode command line / recov cons disable the usual suspect services / checked the event logs from my laptop. Might try restoring the SAM next. The system is toast. Thanks MS for making a POS update.
Reply to this comment
What I do
by lameth December 17, 2004 3:46 PM PST
Usually in thsoe circumstances...I'll just boot to linux..see if that helps
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

Microsoft (0.00%) 0.00 29.12
Dow Jones Industrials (0.00%) 0.00 10,291.26
S&P 500 (0.00%) 0.00 1,098.51
NASDAQ (0.00%) 0.00 2,166.90
CNET TECH (0.00%) 0.00 1,579.76
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET