Detailed exploit code for a Windows XP security vulnerability has been published on the Internet, offering a roadmap for hackers to disable the firewall embedded in the operating system. Microsoft on Oct. 31 confirmed it is investigating the issue, which targets ICS (Internet Connection Sharing), a feature in Windows XP that lets users share a dial-up or broadband connection with other users on a home network.
A spokesperson for the Redmond, Wash., software giant said the risk is minimized because ICS is disabled by default in Windows XP. "In addition, once enabled, an attacker could only attempt to exploit this issue from the user"s local network: It cannot be remotely exploited," the spokesperson said in a statement sent to eWEEK.