I saw this on Bugtraq and I made some minor tweaks for clarity.
"By adding a new key to the registry in HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/AuthorizedApplications/List/ [add apps here] you can circumvent the whole purpose of the firewall without the user's interaction or knowledge. Spyware / Adware manufacturers are already doing this."
Originally from here:
http://habaneronetworks.com/viewArticle.php?ID=144
Has anyone tested this yet? I haven't had the time lately so I'm hoping that some of my pals here can get it checked out. If this works as I suspect it does, a lot of end users are in deep trouble.
**UPDATE**
YIKES. I tested it and it DOES work. The registry edits do not show up in the exceptions list within the firewall app either. Time to take action. While I don't see this as a firewall vulnerability, but rather a permissions issue, I cannot blame MS completely but like anything else, you have to assume the end user is a complete retard and incapable of protecting themselves or the PC they are using.
--TH13
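
An added audit example, not part of the original post or the Bugtraq advisory: since entries written straight to the key may not appear in the firewall's exceptions list, this PowerShell sketch reads the key directly and flags anything outside a known-good baseline. Assumptions: each value's data has the form `<path>:<scope>:<Enabled|Disabled>:<display name>`, and the single baseline entry is a constructed placeholder for your own approved list.

```powershell
# Added example: audit the AuthorizedApplications\List key named in the post.
# Assumed data format per value: <path>:<scope>:<Enabled|Disabled>:<display name>
$ListKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\' +
           'FirewallPolicy\StandardProfile\AuthorizedApplications\List'

# Constructed baseline (hypothetical): programs you deliberately approved.
$Baseline = @('%windir%\system32\sessmgr.exe') | ForEach-Object {
    [Environment]::ExpandEnvironmentVariables($_).ToLowerInvariant()
}

function ConvertFrom-FwAuthEntry {
    param([string]$Data)
    # The path group is greedy so the drive-letter colon stays inside it.
    $rx = '^(?<path>.+):(?<scope>[^:]*):(?<state>Enabled|Disabled):(?<name>.*)$'
    if ($Data -match $rx) {
        [pscustomobject]@{
            Path  = [Environment]::ExpandEnvironmentVariables($Matches['path'])
            Scope = $Matches['scope']
            State = $Matches['state']
            Name  = $Matches['name']
        }
    }
}

function Get-FwAuthorizedApp {
    param([string]$KeyPath = $ListKey, [string[]]$Approved = $Baseline)
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction Stop
    foreach ($valueName in $key.GetValueNames()) {
        $raw   = [string]$key.GetValue($valueName)
        $entry = ConvertFrom-FwAuthEntry $raw
        if (-not $entry) {
            # Keep malformed data visible instead of silently skipping it.
            [pscustomobject]@{ Path = $valueName; State = '?'; Scope = '?'; Finding = 'UNPARSED: ' + $raw }
            continue
        }
        $findings = @()
        if ($Approved -notcontains $entry.Path.ToLowerInvariant()) { $findings += 'not in baseline' }
        if (-not (Test-Path -LiteralPath $entry.Path)) { $findings += 'file missing' }
        elseif ((Get-AuthenticodeSignature -FilePath $entry.Path).Status -ne 'Valid') {
            $findings += 'no valid signature'
        }
        $entry | Add-Member -NotePropertyName Finding -NotePropertyValue ($findings -join '; ') -PassThru
    }
}

# Show only entries that need a human look.
Get-FwAuthorizedApp | Where-Object { $_.Finding } | Format-Table Path, State, Scope, Finding -AutoSize
```

Because the post treats this as a permissions issue, the same check is worth running from a scheduled task under an account that ordinary users cannot modify.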