Because of the way that some dialing software configures routing tables, Windows Firewall in Windows XP SP2 can sometimes interpret the whole Internet to be a local subnet. This can let anyone on the Internet access a Windows Firewall exception if the exception is configured to use the My network (subnet) only scope option.
To resolve this problem, you must download and install Critical Update for Windows XP (KB886185). You can download and install Critical Update for Windows XP (KB886185) by using the Windows Update Web site or the Microsoft Download Center.
Some dial-up software configures the routing tables in a way that leads the Windows Firewall to determine that the whole dial-up connection is on the local subnet. After you install Critical Update for Windows XP (KB886185), Windows Firewall will no longer interpret network connections to be on the local subnet if they have IP Route Table entries that have an IP address of 0.0.0.0 and a mask of 0.0.0.0. This means that any port exceptions or program exceptions that use the My network (subnet) only scope option in Windows Firewall will not be available over most dial-up connections. You will still be able to access exceptions over a dial-up connection if you remove all scope restrictions or if you create a custom scope for exceptions.
Local network subnet configuration varies depending on the network that you are connected to and how that network is configured. Using the My network (subnet) only scope restriction does not guarantee security because it relies on the network subnet configuration to define what is the local network.
Important We strongly recommend that you use the custom scope option when you want to make sure that no unwanted incoming traffic is permitted to pass through your firewall exceptions.
To access the custom scope options for an exception, follow these steps:
| 1. | Log on to your computer as a member of the local Administrators group. |
| 2. | Click Start, click Run, type firewall.cpl, and then click OK. |
| 3. | In Windows Firewall, click the Exceptions tab. Click the program or service that you want to create an exception for. |
| 4. | Click Edit, click Change scope, and then click Custom list. |
