Microsoft has confirmed the security vulnerability in certain versions of Windows that potentially allows malicious hackers to gain unauthorized entry in wireless-enabled systems. Windows 2000, XP and 2003 have a feature called “Wireless Zero Config” that makes it easier for users to set up wireless networks. In a nutshell, this feature connects your system to the WiFi hotspot with the best available signal even without your intervention.

The problem begins when your WiFi-enabled computer connects to another WiFi-enabled computer in what is called an ad-hoc or peer-to-peer connection, which does not require a network infrastructure—basically the presence of a WiFi access point. Once this happens, your system begins to broadcast the SSID—or Service Set ID—of the ad-hoc network as its own, and will continue to do even if no longer in the presence of the other system.

The computer continues to beam out an SSID beacon until this feature is manually turned off. You are at risk in that once a malicious hacker (or a malicious script) detects your SSID broadcast, he can now link to your system in a similar ad-hoc fashion, and do all sorts of stuff that can normally be done when connected via Local Area Network, such as access files, printers, and even system settings.

Fortunately, this is very easy to fix. Security experts advise turning off the ad-hoc wireless networking feature, which is rarely needed anyway. You can do this by opening the Properties sheet of your wireless network, and then under the “Advanced” wireless options window, select “Access point (infrastructure) networks only.” Microsoft promised to set this as the default option in its next Windows update patch.