LiewCF Tech Blog

A weakness has been reported in Windows XP, which can be exploited to bypass certain rules in the Internet Connection Firewall (ICF).

The problem is caused due to the firewall by default accepting incoming connections to ports listened on by the “sessmgr.exe” process.

This can e.g. be exploited by malicious, unprivileged users to host an unauthorised service or by a trojan to accept incoming connections by starting “sessmgr.exe” and then inject malicious code into the running process.

…

Solution:
Uncheck “Remote Assistance” under the “Exceptions” tab for the ICF configuration.

Don’t rely solely on personal firewalls to prevent unauthorised Internet access.

[ Read more @ Secunia ]

Like this post? Please share:

Follow @liewcf on Twitter; Join Facebook page; Subscribe to free newsletter for updates like this article..