A bit of flurry about an exploit available in Internet Connection Sharing (ICS). Basically, this exploit allows an attacker to shut down the Windows Firewall.
While any exploit is something to be concerned about, this one is not a big deal and is not worthy of mass panic. George Ou writes on this issue here, worth reading.
To distill the problem, first ask yourself: Do you even use Internet Connection Sharing?
If you’re like most people, you don’t. In fact, Internet Connection Sharing is something most people don’t even know about — it’s a little-used feature that Microsoft has been shipping since Windows 98 that allows one computer’s internet connection to be shared by others.
Maybe it’s used in third world countries, where one dial up connection is shared by others (while some poor fellow gets the job of having to bicycle to keep the generator going). But ICS is just not part of any current network topology. And for those who share a DSL or cable modem through ICS — let me give you a word of advice. If you can afford the $50 per month for your service, then pay even half that amount for a cheap firewall/router. Really.
Second, if you do use Internet Connection Sharing, realize that this exploit only affects you from the inside of your LAN. Yes, folks, this is not something where you have to go to a website and get hacked. It is exploited from within.
Reguly at nCircle, the fellow who is chatty about this particular exploit, has recommended a solution that might not be the best course of action — disabling ICS (which will kill the Windows firewall, not the approach I would be the most sanguine about) and blocking port 53. [Update — I have to correct myself — it’s true that if you kill the Firewall/ICS service, you kill your Windows firewall. But as the nCircle folks point out, you can simply disable ICS and keep the firewall going, mitigating this exploit. More here.]
(Hat tip to George Ou.)