DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 897656 - Last Review: June 20, 2014 - Revision: 2.0

Symptoms

After you apply security update MS05-019 to a computer that is running Microsoft Windows XP with Service Pack 1 (SP1), networking programs and tools that send manually crafted Transmission Control Protocol (TCP) packets over raw Internet Protocol (IP) sockets may stop working. This behavior may also affect programs and tools that send User Datagram Protocol (UDP) packets.

Cause

This behavior occurs because security update MS05-019 changes the way raw sockets work when Internet Connection Firewall (ICF) is disabled. By default, ICF is disabled in Microsoft Windows XP with SP1.

Workaround

To work around this behavior, enable ICF. After you start ICF, you can send TCP packets and UDP packets over raw sockets. To enable ICF in Windows XP with SP1, follow these steps:
  1. Click Start, click Run, type control.exe netconnections, and then click OK.
  2. Right-click the connection on which you want to enable ICF, and then click Properties.
  3. On the Advanced tab, click to select Protect my computer or network.
  4. To enable the use of programs and services through the firewall, click Settings, and then click to select the programs, protocols, and services that you want to enable for the ICF configuration.

More information

Traffic over raw sockets is also restricted in Microsoft Windows XP with Service Pack 2. For more information about this restriction, see the "Restricted traffic over raw sockets" section of the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/bb457156.aspx (http://technet.microsoft.com/en-us/library/bb457156.aspx)
If you frequently use tools that send packets over raw sockets, we suggest that you use Microsoft Windows Server 2003. Windows Server 2003 does not restrict traffic over raw sockets.

For more information about security update MS05-019, click the following article number to view the article in the Microsoft Knowledge Base:
893066  (http://support.microsoft.com/kb/893066/ ) MS05-019: Vulnerabilities in TCP/IP could allow remote code execution and denial of service
Keywords: 
kbtshoot kbprb KB897656
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support