Experts downplay Windows XP vulnerability

By

Security firms say ICS flaw is not a major concern.

Experts downplay Windows XP vulnerability
A recently discovered vulnerability in Windows XP that could lead to an attacker disabling a user's firewall is being downplayed by security experts who say that the flaw is "obscure" and "easily fixable".

The vulnerability lies within the Windows Internet Connection Service (ICS), a component that lets users share one computer's internet connection with other machines on a local area network (Lan).

When the ICS component crashes, the Windows Firewall is disabled as well, leaving the system vulnerable to attack, according to security company nCircle. The firm suggests disabling ICS to mitigate the risk. 

However, blogger George Ou at TechRepublic was critical of nCircle's solution, claiming that disabling ICS would also disable the Windows Firewall. 

The vulnerability itself is not a major problem either, according to security company Sunbelt Software.

Alex Eckelberry, president of Sunbelt Software, maintained that most users do not even use the ICS component.

He also pointed out that the attack would have to take place from a computer within the Lan, and that the vulnerability is not exploitable by any outside attack methods such as specially-crafted web pages or emails.

Sunbelt, Ou and security company Secunia all offer a simple fix for the vulnerability by using a router to share internet connections on a Lan rather than relying on ICS.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
downplayexpertssecurityvulnerabilitywindowsxp

Sponsored Whitepapers

Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Futureproof Your Business with Datacom, Microsoft, and AMD Ryzen™ AI PCs
Futureproof Your Business with Datacom, Microsoft, and AMD Ryzen™ AI PCs
See everything. Do more.
See everything. Do more.

Events

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul
Victoria's first government tech chief steps down

Victoria's first government tech chief steps down
SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift
CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?