cancel
Showing results for 
Search instead for 
Did you mean: 

XP sp2 can leave your pc wide open.

N/A

XP sp2 can leave your pc wide open.

"Windows XP Service Pack 2 with Advanced Security Technologies helps you protect your PC against viruses, hackers, and worms." - this is how Microsoft promotes its Service Pack 2 on its website. What the company does not say: Instead of viruses, worms, and hackers, the supposedly safe SP2 for Windows XP invites any Internet user to have a look around your PC.




As soon as you install SP2 on a Windows XP PC with a certain configuration, your file and printer sharing data are visible worldwide, despite an activated Firewall. This also applies to all other services. The PC only has to provide sharing for an internal local network and connect to the Internet via dial-up or ISDN. Users of DSL services are also affected, if a firewall is not integrated into the DSL modem or a common modem instead of a DSL router is used. Additionally, Internet Connection Sharing of the PC has to be disabled.




A number of test scans run by PC-Welt revealed that this in fact is a common configuration and not a rare sight. Without great effort, we were able to discover private documents on easily accessible computers on the Internet. It must be assumed, that these users wrongly believe they are safe and that their sharing configurations are only visible in their network at home: Often, we did not even encounter password protection.



Already Windows 95 affected by a similar problem


Experienced Windows users may remember that there was a similar problem in the past, specifically with Windows 95. Back then, Microsoft forgot to separate file and printer sharing from the dial-up network adapter when such a connection was configured.




In other words, this caused the service to be released worldwide through the dial-up connection as soon as you were connected to the Internet. Microsoft at that time issued an update to patch the bug. The fact that file and printer sharing since then is not connected to the dial-up connection anymore, can easily be seen on your system: Right-click on the symbol "My Network Places" and select "Properties". Repeat the right-click and selection with the icon of your dial-up connection and select the tab "Settings". If there is no check at "File and Printer Sharing", it indicates that this service should not be made available through your dial-up connection.




This in fact is true for Windows XP without Service Pack. Since SP1, this configuration is hardly more than cosmetics and does not serve any purpose anymore. This means, the file and printer sharing service is connected in general, also to the dial-up network adapter. This in itself is a serious bug, since your shared data potentially could be seen on the Internet. However, there are no catastrophic effects, as every dial-up connection is configured with an activated firewall by default.




If you intended to deactivate this firewall, Windows displayed an easily recognizable dialog, that this choice would allow access to your computer. Despite the bug in SP1, the configuration of the firewall was worked out in a clean way: You were able to run the dial-up connection with a firewall and the internal network card without, because the latter was supposed to enable access through the Windows network.



SP1 + SP2 leads to a catastrophic error


Due to the bug carried over from SP1 as well as a new bug, the firewall configuration with SP2 has a catastrophic effect. The SP2 installation simply uses the previous configuration of the firewall: If it was active for the dial-up connection, now it also has been activated for the network adapter.




At the same time, an exception is determined for file and printer sharing: For the internal network card - and astonishingly also for all adapters.




With the first use of the dial-up connection after installing SP2, all of your shared data are available on the Internet. Now, other users can start guessing your passwords for administrator and guest and you basically are no more secure than the first Windows 95 users with an Internet connection - thanks to Service Pack 2.



How to correct the problem


It is not advisable to keep this defective default configuration. However, the previous environment cannot be restored: The configuration for the firewall was changed, which does not allow the setting of active or inactive conditions or exceptions for each network adapter anymore. Now this only works for network areas.




Choose "Windows Firewall" in the in the Windows Control Panel and the there the tab "Exceptions". Select "File and Print Services" and click on "Edit". Now you can see four ports which are used by the file and print sharing service.




To lock the service to the outside and keep it open for the internal LAN, you have to individually select and change its area with the respective button. Our reader Yves Jerschov notified us of another bug: The value for the area set by default "Only for own network (Subnet)" only works, if the Internet Connection Sharing is activated. If this is not the case, your shared data are visible worldwide. This error can be corrected by choosing "User defined List" and entering the IP addresses that are supposed to have access - the IP addresses of your LAN. A whole range of an IP area can be entered as "192.168.x.0/255.255.255.0", if the respective addresses start with 192.168.x.




After these measures, you can be sure to be as safe as you were with SP1. Great, don't you think?

Moderators note (John) Topic moved to a more apt forum.
8 REPLIES
N/A

XP sp2 can leave your pc wide open.

what happens if you run a 3rd party firewall?

where did you get this info from, just so that I and others can keep an eye on any updates.

Cheers,

Aaron
N/A

XP sp2 can leave your pc wide open.

Have you tried the "x" in the IP address to indicate a range ?? Appears not be be acceptable.
Anyway, having a third party software firewall, my windows one is turned off anyway as M$ advise.
N/A

XP sp2 can leave your pc wide open.

Having looked at that, and some of the stuff still in SP2 that was supposed to be fixed (infact, some was fixed in SP1, SP2 re-enabled them), I have to say SP2 is a utter waste of programmers time.

SP2 was dalyed and delayed to death, and should not introduce any old bugs, only new ones.

I do have to ask the validity of the following comment.

Quote
The PC only has to provide sharing for an internal local network and connect to the Internet via dial-up or ISDN. Users of DSL services are also affected, if a firewall is not integrated into the DSL modem or a common modem instead of a DSL router is used


By default, most routers use NAT. This by itself would prevent such issues, and only when by accident, purposfully or as shipped, would rules allow wan-to-lan traffic to these ports.
painswck
Grafter
Posts: 449
Registered: 30-07-2007

XP sp2 can leave your pc wide open.

Surely the point being made that is although routers man incorporate a firewall a basic modem does not normally have this facility.

Roland

[Moderator's note (by Chris P.): Quote of previous post removed as this is unnecessary]
pcorker
Grafter
Posts: 309
Registered: 05-09-2007

File/Printer Sharing problem

I saw various posts about this and found these suggestions on grc.shieldsup newsgroup

1. Read 3. below first?

2. (Early suggestions)
You need to change the "scope" of the XP Firewall's rule for NetBios and
File/ Printer sharing _even_ if you run with the XP Firewall turned off.

To do that, bring up the Windows Firewall screen and click on
"Exceptions"... click on File and Printer Sharing and then click on
Edit. Click "Change Scope" in the popup Window... choose "My network
(subnet) only" then click OK to close each popup.

---did't work---

---- or -----

Totally disable the Windows Firewall in services.msc ....
(Windows Firewall turned off is not exactly the same as totally
disabling it, apparently... go figure)

--didn't try yet---

---- or -----

If you don't use File / Printer Sharing at all, then turn it off in XP
by going to Network Connections, right click the connection you use to
reach the Internet, click on Properties, click on Internet Protocol
(TCP/IP), click on Properties, click on Advanced, click on the WINS tab
and then select Disable NetBios over TCP/IP... then click on OK to close
each popup. Port 139 will not be opened by your system.

Let us know how it works out...
Le Flake
from deepest, darkest Québec


3. (Later suggestion)
Brian wrote:

> Success, used your third suggestion

Great...! Tho' I did find a less drastic solution...

Enable the Windows Firewall;
Go to Advanced settings and select default...
Disable any other firewall...
Go back to the Windows Firewall
Go to Exceptions and make sure File/Printer Sharing is unchecked

That stealthed TCP Port 139 and prevented a ping from being sent back to
GRC. The Scope settings in Windows Firewall appear to have a bug.
Tested on two separate XP SP2 computers.


--
Le Flake
from deepest, darkest Québec
pcorker
Grafter
Posts: 309
Registered: 05-09-2007

XP sp2 can leave your pc wide open.

I think that this link and selecting "proceed" then "All Service Ports" allows you to test your system's connection
https://www.grc.com/x/ne.dll?bh0bkyd2
N/A

XP sp2 can leave your pc wide open.

Quote
what happens if you run a 3rd party firewall?

where did you get this info from, just so that I and others can keep an eye on any updates.

Cheers,

Aaron



This article is on pcwelt http://www.pcwelt.de/know-how/extras/103039/
hope this helps.
N/A

XP sp2 can leave your pc wide open.

Thanks for that, AndyFran.

I already have a firewall in my router, which blocks access to the file and print sharing ports. However it does seem quite a slip up for Microsoft. I'm sure they'll release another patch.

Aaron