Microsoft KB Archive/897656

= Networking programs that send TCP packets or UDP packets over raw IP sockets may stop working after you apply security update MS05-019 to a computer that is running Windows XP with Service Pack 1 =

Article ID: 897656

Article Last Modified on 10/26/2007

-

APPLIES TO

 Microsoft Windows XP Service Pack 1, when used with:  Microsoft Windows XP Home Edition

 Microsoft Windows XP Professional 

-





SYMPTOMS
After you apply security update MS05-019 to a computer that is running Microsoft Windows XP with Service Pack 1 (SP1), networking programs and tools that send manually crafted Transmission Control Protocol (TCP) packets over raw Internet Protocol (IP) sockets may stop working. This behavior may also affect programs and tools that send User Datagram Protocol (UDP) packets.



CAUSE
This behavior occurs because security update MS05-019 changes the way raw sockets work when Internet Connection Firewall (ICF) is disabled. By default, ICF is disabled in Microsoft Windows XP with SP1.



WORKAROUND
To work around this behavior, enable ICF. After you start ICF, you can send TCP packets and UDP packets over raw sockets. To enable ICF in Windows XP with SP1, follow these steps:
 * 1) Click Start, click Run, type control.exe netconnections, and then click OK.
 * 2) Right-click the connection on which you want to enable ICF, and then click Properties.
 * 3) On the Advanced tab, click to select Protect my computer or network.
 * 4) To enable the use of programs and services through the firewall, click Settings, and then click to select the programs, protocols, and services that you want to enable for the ICF configuration.

<div class="moreinformation_section">

MORE INFORMATION
Traffic over raw sockets is also restricted in Microsoft Windows XP with Service Pack 2. For more information about this restriction, see the &quot;Restricted traffic over raw sockets&quot; section of the following Microsoft Web site:

http://technet.microsoft.com/en-us/library/bb457156.aspx

If you frequently use tools that send packets over raw sockets, we suggest that you use Microsoft Windows Server 2003. Windows Server 2003 does not restrict traffic over raw sockets.

For more information about security update MS05-019, click the following article number to view the article in the Microsoft Knowledge Base:

893066 MS05-019: Vulnerabilities in TCP/IP could allow remote code execution and denial of service

Additional query words:

Keywords: kbtshoot kbprb KB897656

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.