Windows Firewall Flaw No Vulnerability, Says Microsoft

Although Microsoft doesn't consider the bug a security vulnerability -- an attacker can't manipulate the Firewall unless he has already compromised the computer using other methods -- it posted a fix for users to download.

According to the advisory published Wednesday, the Firewall may not accurately report open ports in its usual graphical interface when those ports have been opened by editing the Windows Registry.

"It is more likely that an attacker who has already compromised the system would create such malformed registry entries with intent to confuse a user," Microsoft said in the advisory.

An accurate view of port status can be obtained by using a command-line tool, the Redmond, Wash.-based developer noted. Other information has been published in a document within Microsoft's support database.

id
unit-1659132512259
type
Sponsored post

The fix currently available for download will be rolled into a future Windows service pack, the company said.