Detailed
exploit code for a Windows XP security vulnerability has been published on
the Internet, offering a roadmap for hackers to disable the firewall embedded in
the operating system.
Microsoft on Oct. 31 confirmed it is investigating the issue, which targets
ICS (Internet Connection Sharing), a feature in Windows XP that lets users share
a dial-up or broadband connection with other users on a home network.
Security alerts aggregator Secunia rates the bug as "less critical" and
recommends that Windows XP users find an alternative way to share the Internet
connection. The vulnerability is caused due to a NULL pointer dereference error
in Windows NAT Helper Components (ipnathlp.dll) and can be exploited to crash
the service via a specially crafted DNS query.