Networking programs that send TCP packets or UDP packets over raw IP sockets may stop working after you apply security update MS05-019 to a computer that is running Windows XP with Service Pack 1

This article has been archived. It is offered "as is" and will no longer be updated.
After you apply security update MS05-019 to a computer that is running Microsoft Windows XP with Service Pack 1 (SP1), networking programs and tools that send manually crafted Transmission Control Protocol (TCP) packets over raw Internet Protocol (IP) sockets may stop working. This behavior may also affect programs and tools that send User Datagram Protocol (UDP) packets.
This behavior occurs because security update MS05-019 changes the way raw sockets work when Internet Connection Firewall (ICF) is disabled. By default, ICF is disabled in Microsoft Windows XP with SP1.
To work around this behavior, enable ICF. After you start ICF, you can send TCP packets and UDP packets over raw sockets. To enable ICF in Windows XP with SP1, follow these steps:
  1. Click Start, click Run, type control.exe netconnections, and then click OK.
  2. Right-click the connection on which you want to enable ICF, and then click Properties.
  3. On the Advanced tab, click to select Protect my computer or network.
  4. To enable the use of programs and services through the firewall, click Settings, and then click to select the programs, protocols, and services that you want to enable for the ICF configuration.
More information
Traffic over raw sockets is also restricted in Microsoft Windows XP with Service Pack 2. For more information about this restriction, see the "Restricted traffic over raw sockets" section of the following Microsoft Web site:If you frequently use tools that send packets over raw sockets, we suggest that you use Microsoft Windows Server 2003. Windows Server 2003 does not restrict traffic over raw sockets.

For more information about security update MS05-019, click the following article number to view the article in the Microsoft Knowledge Base:
893066 MS05-019: Vulnerabilities in TCP/IP could allow remote code execution and denial of service

Article ID: 897656 - Last Review: 12/09/2015 02:25:31 - Revision: 2.0

  • kbnosurvey kbarchive kbtshoot kbprb KB897656