The NAT Helper Components (ipnathlp.dll) 0day Remote DoS Exploit

Oct 31, 2006 13:52 GMT

With the computer's line of defense compromised, ensuing attacks will exploit the situation to fully compromise an exposed system. Reports have emerged of proof-of-concept code detected in the wild for a vulnerability affecting Windows XP machines running Windows Internet Connection Service.

"We have received a report that a DoS exploit has been released that targets ipnathlp.dll, which is used by the Windows Firewall/Internet Connection Sharing (ICS) service. We also received a report that the exploit works against a fully patched XP SP2 system (Tyler Reguly of nCircle / blogs.nCircle.com submitted the report, some of his report information is below)," revealed SANS Internet Storm Center.

The NAT Helper Components (ipnathlp.dll) 0day Remote DoS Exploit affects Windows XP systems with Internet Connection Sharing. An attacker on the shared interface can disable the Windows Firewall. After a successful attack, the operating system displays the following message: "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience." The vulnerability was confirmed on fully patched Windows XP Service Pack 2 systems. Microsoft has not yet commented on the reports.