Networking programs that send TCP packets or UDP packets over raw IP sockets may stop working after you apply security update MS05-019 to a computer that is running Windows XP with Service Pack 1 (897656)



The information in this article applies to:

  • Microsoft Windows XP Service Pack 1, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional

SYMPTOMS

After you apply security update MS05-019 to a computer that is running Microsoft Windows XP with Service Pack 1 (SP1), networking programs and tools that send manually crafted Transmission Control Protocol (TCP) packets over raw Internet Protocol (IP) sockets may stop working. This behavior may also affect programs and tools that send User Datagram Protocol (UDP) packets.

CAUSE

This behavior occurs because security update MS05-019 changes the way raw sockets work when Internet Connection Firewall (ICF) is disabled. By default, ICF is disabled in Microsoft Windows XP with SP1.

WORKAROUND

To work around this behavior, enable ICF. After you start ICF, you can send TCP packets and UDP packets over raw sockets. To enable ICF in Windows XP with SP1, follow these steps:
  1. Click Start, click Run, type control.exe netconnections, and then click OK.
  2. Right-click the connection on which you want to enable ICF, and then click Properties.
  3. On the Advanced tab, click to select Protect my computer or network.
  4. To enable the use of programs and services through the firewall, click Settings, and then click to select the programs, protocols, and services that you want to enable for the ICF configuration.

MORE INFORMATION

Traffic over raw sockets is also restricted in Microsoft Windows XP with Service Pack 2. For more information about this restriction, see the "Restricted traffic over raw sockets" section of the following Microsoft Web site:If you frequently use tools that send packets over raw sockets, we suggest that you use Microsoft Windows Server 2003. Windows Server 2003 does not restrict traffic over raw sockets.

For more information about security update MS05-019, click the following article number to view the article in the Microsoft Knowledge Base:

893066 MS05-019: Vulnerabilities in TCP/IP could allow remote code execution and denial of service


Modification Type:MinorLast Reviewed:4/19/2005
Keywords:kbtshoot kbprb KB897656