[InfoSecurity] Unpatched, Critical Flaw Found In Windows XP (updated)

Unpatched, Critical Flaw Found In Windows XP
Washington Post, 15 July 2005, Brian Krebs on Computer Security

Security researchers have uncovered a potentially serious security hole in Windows XP and Windows XP Professional that could allow skilled attackers to take over vulnerable computers, even PCs equipped with the latest Microsoft software patches and running the built-in Windows firewall.

The problem resides in the Windows "Remote Desktop," which lets users configure remote access to their computer. By default, the Microsoft firewall built into the Windows XP Service Pack 2 update is configured to deny connections from the Internet for remote desktop. But remote desktop shares the same vulnerable Microsoft programming code as "Remote Assistance" -- a service designed to allow Microsoft and other technicians to troubleshoot problems on Windows machines from afar. And the bad part is that the remote assistance program is automatically allowed to bypass the Windows firewall in PCs with Service Pack 2 installed.


But, wait, there's more! This article indicates M$ admits it's a flaw in Windows 2000 Desktop & Server editions, and 2003 Server as well.