Executive Summary

Summary
Title Windows Firewall Exception May Not Display in the User Interface
Informations
Name KB897663 First vendor Publication 2005-08-31
Vendor Microsoft Last vendor Modification 2005-08-31
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score 2.1 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft has received a report of an unexpected behavior in the way that the Windows Firewall User Interface handles malformed entries in the Windows Registry. By creating malformed Windows Firewall exception entries in the Windows Registry, an exception could be created in the firewall that would not be displayed in the Windows Firewall User Interface.However, this exception is displayed by the command line firewall administration tools.

It is important to note that this is not a vulnerability. Administrative privileges are required to access the associated section of the Windows Registry that contains this configuration information.By using documented methods to manage and create Windows Firewall exceptions, it is unlikely that a malformed registry entry will be produced which would exhibit this behavior.It is more likely that an attacker who has already compromised the system would create such malformed registry entries with intent to confuse a user.

Microsoft plans to include an update to address this concern as part of a future service pack on the affected supported platforms.

What is the scope of the advisory?
This advisory addresses a concern about unexpected behavior in the way the Windows Firewall User Interfaces handles malformed entries in the Windows Registry.By creating malformed Windows Firewall exception entries in the Windows Registry, an exception could be created in the firewall which would not be displayed in the Windows Firewall User Interface. Administrative privileges are required to access the associated section of the Windows Registry which contains this configuration information.

Is this a security vulnerability that requires Microsoft to issue a security update?
Although this is not a security vulnerability, this non-security update was issued to provide users a way to display malformed Windows Firewall configuration registry entries. For more information about Windows Firewall, see the following Web site.

What causes this issue?
The way that the Windows Firewall User Interface handles some malformed registry entries.

What is a Windows Firewall exception?
By default, the Windows Firewall blocks incoming network connections.Administrators can allow inbound network connections by creating an exception in the Windows Firewall configuration to allow access to network services running on the machine.

What is the impact of this issue?
This issue cannot be used to compromise a system.If a system has already been compromised by some other method, this issue could be used as an attempt to hide exceptions in the firewall.However, the command line tools listed in the “Suggested Actions” section of this advisory would correctly display the exceptions.

Original Source

Url : http://www.microsoft.com/technet/security/advisory/897663.mspx

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 2
Os 2

Open Source Vulnerability Database (OSVDB)

Id Description
19287 Microsoft Windows Firewall Malformed Registry Entry Ruleset Exception Weakness

Microsoft Windows Firewall contains a flaw that may allow a malicious local user, with administrative privileges, to hide firewall ruleset information. The issue is triggered by a specially crafted Windows Firewall exception entry in the Windows Registry. It is possible that the flaw may not allow firewall exception entries to be displayed in the Windows firewall graphical user interface, resulting in a loss of integrity. The command line firewall administration tool "Netsh" is not affected by this issue