ITsVISTA
Information that makes life easier when it comes to installing, managing, and using Windows Vista.
Start About FAQ Blogroll Shop

ITsVISTA KB-Link: KB952131

Piggybacked data on a TCP Acknowledgement (ACK) package may bypass the WFP inspection process in Windows Vista

The TCP protocol uses a three-way handshake to establish a TCP connection. The last interaction in the three-way handshake is a TCP Acknowledgement (ACK) package. However, in Windows Vista, the Windows Filtering Platform (WFP) inspection occurs only after the three-way handshake is completed. Therefore, any data that is piggybacked on the ACK package may bypass the WFP inspection process.

Note: A payload can legitimately piggyback on the ACK package.

This issue affects socket applications that use NetBIOS communication on a Windows Vista-based computer.

There is a download that resolves this issue. See Hotfixes for details.

For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB952131.

Get notified of new posts for FREE via RSS or E-mail

Subscribe to ITsVISTA!

Related Posts