Vulnerability

    WinRoute

Affected

    WinRoute Pro v4.1 all current builds

Description

    Peter Miller found following.  He has discovered that the WinRoute
    installer  disables  memory  write  protection under Windows 2000.
    WinRoute  refuses  to  run  if  memory write protection is enable.
    Memory write protection enabled is the default for Windows 2000.

    The registry key affected is:

        HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\EnforceWriteProtection

    Disabling  memory  write  protection  can  indirectly  affect  the
    stability and security  of the machine.   Malicious software  such
    as viruses  will find  it easier  to corrupt  the system or hijack
    system  processes.  Buggy  software  will  crash  the  system more
    easily.   A hacker  may be  able to  use this  information to more
    easily penetrate a WinRoute firewalled system.

Solution

    Future builds of Tiny Personal Firewall and the yet to be released
    WinRoute  5.0  will  not  require  memory  write  protection to be
    disabled under Windows 2000.

    This fix  will be  available in  Tiny Personal  Firewall 2.0.7 and
    WinRoute 5.0.