DoS exploit for Windows XP firewall, ICS in the wild


Windows XP platforms running a shared internet access service are at risk from an in-the-wild remote DoS exploit, vulnerability management firm nCircle reported Sunday.


"When the (additional information) section of the DNS Datagram contains two null bytes, an error occurs at the instruction 'mov dl, eax,'" nCircle's Tyler Reguly said on the company blog. "This causes the service and its host process (svchost.exe) to die."
The attack exploits the Windows Firewall/Internet Connection Sharing Service (ICS), according to researcher Patrick Nolan, posting on the SANS Internet Storm Center website.
ICS lets a Windows computer share its internet connection with other computers running on local area networks. It provides "network address translation between the public and private networks. ICS also provides DHCP (dynamic host configuration protocol) for the private network," according to the Microsoft Windows Server TechCenter website.
Reguly said disabling ICS can help solve the vulnerability. Users can determine whether they are running the service by typing 'sc query sharedaccess' at a command prompt, according to SANS.
A Microsoft spokesperson told SCMagazine.com today that the Redmond, Wash. firm is not aware of any attacks using the exploit, which only affects Windows XP users with ICS enabled.
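The `sc query sharedaccess` check cited from SANS above can be run across many machines and the saved output triaged in one pass. The following is an added example, not code from nCircle, SANS or this article; the host names and the sample outputs are constructed for illustration.

```python
import re

# Matches the STATE line that `sc query` prints, e.g. "STATE : 4  RUNNING".
STATE_RE = re.compile(r"^\s*STATE\s*:\s*(\d+)\s+(\w+)", re.MULTILINE)
# sc reports error 1060 when the named service is not installed.
NOT_INSTALLED_RE = re.compile(r"FAILED 1060")

def sharedaccess_state(sc_output):
    """Return the state name, 'NOT_INSTALLED', or 'UNKNOWN' if unparseable."""
    if NOT_INSTALLED_RE.search(sc_output):
        return "NOT_INSTALLED"
    match = STATE_RE.search(sc_output)
    return match.group(2) if match else "UNKNOWN"

def triage(outputs):
    """Group hosts by whether the Firewall/ICS service is up."""
    report = {"running": [], "not_running": [], "recheck": []}
    for host, text in sorted(outputs.items()):
        state = sharedaccess_state(text)
        if state in ("RUNNING", "START_PENDING"):
            report["running"].append(host)      # service up: review ICS use
        elif state in ("STOPPED", "NOT_INSTALLED"):
            report["not_running"].append(host)
        else:
            report["recheck"].append(host)      # empty or truncated capture
    return report

# Constructed sample captures keyed by hypothetical host name.
SAMPLES = {
    "xp-frontdesk": (
        "SERVICE_NAME: sharedaccess\n"
        "        TYPE               : 20  WIN32_SHARE_PROCESS\n"
        "        STATE              : 4  RUNNING\n"
        "                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)\n"
        "        WIN32_EXIT_CODE    : 0  (0x0)\n"
    ),
    "xp-lab-02": (
        "SERVICE_NAME: sharedaccess\n"
        "        TYPE               : 20  WIN32_SHARE_PROCESS\n"
        "        STATE              : 1  STOPPED\n"
        "        WIN32_EXIT_CODE    : 1077  (0x435)\n"
    ),
    "xp-kiosk": "[SC] EnumQueryServicesStatus:OpenService FAILED 1060:\n",
    "xp-unreachable": "",
}

if __name__ == "__main__":
    for group, hosts in triage(SAMPLES).items():
        print(group, hosts)
```

Hosts in the `running` group are the ones to review for whether connection sharing is actually needed; a `recheck` result means the capture was empty or cut off and the command should be run again.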
Click here to email Dan Kaplan.