December 16, 2004 5:05 PM PST

Microsoft posts critical configuration patch

By Robert Lemos
Staff Writer, CNET News

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
Email
Print

Related Stories: Microsoft patches spell happy holidays
December 14, 2004; Microsoft sends security update to home PCs
August 19, 2004; Microsoft moves beyond patches
October 1, 2003

Microsoft released a "critical" fix on Thursday for a security issue left unresolved by the Windows XP Service Pack 2.

The configuration change closed a hole in the Windows firewall settings that could open up PCs to attack if the machines had been set to share files or a printer with the local network, said Gary Schare, director of product management for Windows.

"The firewall that we shipped in Service Pack 2 was much better than before, but security could be tightened even further," he said. "We told people (in September) that we would issue a software update and now we have."

The hole could allow anyone to access a PC that has its file sharing exceptions set up in the Windows XP SP2 firewall. The problem affects only those who use dialing software to connect to the Internet, Microsoft indicated in a Knowledge Base article on its Web site.

Microsoft did not classify the configuration issue as a software vulnerability and so did not distribute the configuration update with the patches it released earlier this week, Schare said. In fact, the security group did not handle the issue; the Windows product group did.

"We didn't do as good a job as we intended getting this out," he said. "This fell between the teams. The security team said it wasn't a vulnerability, so we don't handle it, and the product people said they are not used to meeting the monthly update schedule."

Microsoft's Schare said some users complained that the posting of the configuration change wasn't obvious. The company will likely better highlight such bulletins to Windows users in the future.

"We have a process in putting these up," Schare said. "We followed the process, but now we are looking to see if we can do more."

Windows XP users who use Windows update will automatically download the configuration changes.

See more CNET content tagged:
Service Pack 2, Microsoft Windows XP Service Pack 2, firewall, file-sharing, service pack

Add a Comment (Log in or register) 2 comments

Well whatever they did it sacked my computer
by Jonathan December 16, 2004 8:40 PM PST: My desktop system is for all intents and purposes dead. I can't login at all. I try signing it and before I even see the GUI load it signs me out which makes me think netlogin is hosed. And before I get the typical tech adv I am a tech. I've tried all the usual MO. Safe mode command line / recov cons disable the usual suspect services / checked the event logs from my laptop. Might try restoring the SAM next. The system is toast. Thanks MS for making a POS update.; Reply to this comment View reply
Processing

Latest tech news headlines

Security firm spots Chrome 'SaveAs' flaw
Posted in News - Security by Jonathan Skillings

September 6, 2008 11:33 AM PDT
At 10 years old, whither Google?
Posted in News - Digital Media by CBS Interactive staff

September 6, 2008 10:15 AM PDT
Mozilla releases second Firefox 3.1 alpha
Posted in Webware by Renai LeMay

September 6, 2008 8:27 AM PDT

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
Chrome's JavaScript challenge to Silverlight
The advent of Google's Chrome browser, software pros say, should spur a big speedup for JavaScript, which would raise its standing against Microsoft's Silverlight technology.
Gallery
Photos: Top 10 reviews of the week
Here are CNET Reviews' 10 favorite items from the past week, including the TiVo HD XL, Sony Cyber-shot DSC-H50, and the Dish Network's newest digital TV converter box.
News - Apple
Apple watchers spot 'iPod Nano' pix, iTunes hints
The rumor mill has long been predicting a longer, leaner new version of the iPod Nano, and now it's conjuring up some pictures.
Outside the Lines
EIC Squared: Chrome, iPods, and a Dell-Salesforce union
On this week's EIC Squared podcast CNET's Dan Farber and ZDNet's Larry Dignan discuss Google's latest rocket launch--the Chrome browser--as well as Apple's iPod event next week and a Dell-Salesforce.com union.
Video
Katie Couric reflects on first Webcast
The political conventions are over and so are CBS Evening News anchor Katie Couric's first series of Webcasts. CNET's Kara Tsuboi sat down with Couric on the final night of the Republican National Convention to discuss what she liked about Webcasting, some of her most memorable guests, and whether TV news will still be around by the next round of conventions.
News - Digital Media
At 10 years old, whither Google?
Daniel Sieberg of CBS News looks at how the company grew exponentially from start-up to superstar and part of our culture, but what's ahead?
Video
YouTube plays party politics
During the presidential campaigning four years ago, YouTube didn't even exist. Now it's a tool candidates must master to get their message across. CNET's Kara Tsuboi stops by the YouTube upload booths at the Democratic and Republican conventions to find out why Google's video site has such a big presence in Denver and St. Paul, Minn.
News - Gaming and Culture
Are Demo and TechCrunch50 fragmenting their audiences?
With both events scheduled to start Monday, many press, as well as venture capitalists and others are having to choose which one to attend.
News - Cutting Edge
Execs predict next Google-like tech
On eve of company's 10-year anniversary, researchers and business pundits speculate about what technologies might someday have as much impact as Google.
Gallery
Images: The art of 'Spore' prototypes
Will Wright and his Maxis team worked on dozens of prototypes to test the elements of their soon-to-be-released evolution game. Here's a sampling.
Webware
Mozilla releases second Firefox 3.1 alpha
Added features include support for a new video tag element introduced with the HTML 5 standard, along with some speed enhancements.
Green Tech
Duke Energy to invest in mini solar power plants
Can hundreds of rooftop solar panels collectively operate like a central power plant? Duke Energy launches $100 million distributed solar program to find out.