Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Windows XP contains massive security hole
The Inquirer ^ | Wednesday 11 September 2002, 11:50 | Paul Hales

Posted on 09/11/2002 1:40:24 PM PDT by HAL9000

Windows XP contains massive security hole

Install the Service Pack and, shush, don't tell anyone...

MICROSOFT'S RUSH to get Windows XP SP1 out and about may have been motivated by a desire to hide a vulnerability afflicting the operating system (cough) that allows hackers to delete files from a computer accessing a tweaked web page.

According to this Spanish-language site, a Googled translation of which is here, "a defect in Windows XP allows that anyone can erase archives of our computer if click becomes on a connection maliciously constructed, as much when visiting a malignant Web site, like a receiving a message with format HTML". Sorry about the language, but you get the picture.

A reader writes a little more clearly that this vulnerability allows the files contained in any specified directory on your system to be deleted if you click on a specially-formed URL. He points to Gibson Research here, where they warn, "This URL could appear anywhere: sent in malicious eMail, in a chat room, in a newsgroup posting, on a malicious web page, or even executed when your computer merely visits a malicious web page. It is likely to be widely exploited soon."

This is a critical vulnerability and one Microsoft has done its best to keep secret, it seems.

Another reader tells us he saw a report on TechTV, the background to which they give here where they state that Microsoft has known about the flaw for some 11 weeks but kept the lid on it because it is so easy to exploit.

Microsoft urges Windows XP users to download the Service Pack and install it as quickly as possible. You can find that here . It's a large file, though, and CD versions are only available on the US and Canada at the moment, according to Microsoft.

The advice from various sources for users unable to install the Service Pack is to find and rename the affected file uplddrvinfo.htm. µ



TOPICS: News/Current Events; Technical
KEYWORDS: lowqualitycrap; microsoft; techindex; windows; xp
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-80 ... 101-120 next last
To: Slainte
I havent seen WinXP do that yet. Win2k used to occasionally.
21 posted on 09/11/2002 2:13:43 PM PDT by jude24
[ Post Reply | Private Reply | To 14 | View Replies]

To: Pern
LOL! I downloaded SP1 for XP pro, and now my computer reboots whenever it want's to. It's done it 3 times today so far.

I installed SP1 for XP Pro yesterday and see no indications of problems. I'm using a Compaq 5330US 1.7 GHz machine with 512M of RAM. XP Pro on this machine has been quite stable before SP1 and so far (fingers crossed) no adverse results from SP1.

Jack

22 posted on 09/11/2002 2:14:10 PM PDT by JackOfVA
[ Post Reply | Private Reply | To 4 | View Replies]

To: my_pointy_head_is_sharp
...If you download the service pack, does that completely take care of the security problem?

Probably opens up 5 more security holes...

23 posted on 09/11/2002 2:16:00 PM PDT by SGCOS
[ Post Reply | Private Reply | To 20 | View Replies]

To: Slainte
By default XP is set to restart anytime you would have gotten a BSOD in a previous version of Windows. Stupid design decision.

I disagree; smart design decision. Now your machine can reboot and perhaps start serving its role again without requiring operator intervention, and the content of the BSOD diagnostic messages are thrown in the system log.

24 posted on 09/11/2002 2:16:42 PM PDT by zeromus
[ Post Reply | Private Reply | To 14 | View Replies]

To: Slainte
By default XP is set to restart anytime you would have gotten a BSOD in a previous version of Windows. Stupid design decision.

You'd rather have your server just sort of hanging out and doing nothing than restart and get back to work? Huh....

To each his own, I guess...

25 posted on 09/11/2002 2:17:42 PM PDT by general_re
[ Post Reply | Private Reply | To 14 | View Replies]

To: paulklenk
Why are there products so vulnerable to security breaches? Because it is theoretically impossible to debug a large program.

It is amazing that there are relatively few bugs, and updates are coming up regularly.

Now, given your impatience with MS, how many operating systems have you written?

26 posted on 09/11/2002 2:21:27 PM PDT by TopQuark
[ Post Reply | Private Reply | To 2 | View Replies]

To: JackOfVA
I also installed SP-1 with no problems. I have found WinXP to be my favorite MS OS so far, although Win2000 is also stable.
27 posted on 09/11/2002 2:22:32 PM PDT by Cicero
[ Post Reply | Private Reply | To 22 | View Replies]

To: HAL9000
According to The Screensavers on TechTV, this hole is very easy to fix without downloading SP1.

Search your machine for a file called "uplddrvinfo.htm".

Change the filename to anything else., i.e. "uplddrvinfo.htmOLD".

Reboot.

Bang! You're done.

This only applies to XP machines.
28 posted on 09/11/2002 2:25:24 PM PDT by chaosagent
[ Post Reply | Private Reply | To 1 | View Replies]

To: Slainte
By default XP is set to restart anytime you would have gotten a BSOD in a previous version of Windows. Stupid design decision.

I disagree; smart design decision. Now your machine can reboot and perhaps start serving its role again without requiring operator intervention, and the content of the BSOD diagnostic messages are thrown in the system log.

29 posted on 09/11/2002 2:26:15 PM PDT by zeromus
[ Post Reply | Private Reply | To 14 | View Replies]

To: chaosagent
Well, that will teach me not to read the very last line of the article.

It's in there too.
30 posted on 09/11/2002 2:26:42 PM PDT by chaosagent
[ Post Reply | Private Reply | To 28 | View Replies]

To: toupsie
I downloaded iCal yesterday too. It's pretty cool. I subscribed to the DVD release dates calendar, and added automatic reminders to take out the trash.

I'm looking forward to iSync later this month.

31 posted on 09/11/2002 2:34:01 PM PDT by HAL9000
[ Post Reply | Private Reply | To 18 | View Replies]

To: toupsie
Ellen Feiss
It's kind of... a bummer
32 posted on 09/11/2002 2:47:23 PM PDT by Darkshadow
[ Post Reply | Private Reply | To 17 | View Replies]

To: paulklenk
What in heck is wrong with Microsoft? Why are there products so vulnerable to security breaches?

Because Bill Gates is on the top of the mountain and every hacker in the world wants to kick him off. If everyone was focusing on Apple, problems would be exposed there, too.

There's no such thing as a hack-proof system...there's always a better hacker. The only way to make a system completely secure is to disconnect it from any form of network communication. And even then, you need to worry about securing the room.

33 posted on 09/11/2002 2:48:33 PM PDT by wbill
[ Post Reply | Private Reply | To 2 | View Replies]

To: HAL9000; rdb3
Windows XP contains massive security hole

Just one?

34 posted on 09/11/2002 2:48:59 PM PDT by Jalapeno
[ Post Reply | Private Reply | To 1 | View Replies]

To: general_re
You'd rather have your server just sort of hanging out and doing nothing than restart and get back to work? Huh....

Servers shouldn't "hang" in the first place! Is that a normal experience with Windows servers?

35 posted on 09/11/2002 2:49:28 PM PDT by toupsie
[ Post Reply | Private Reply | To 25 | View Replies]

To: wbill
Because Bill Gates is on the top of the mountain and every hacker in the world wants to kick him off. If everyone was focusing on Apple, problems would be exposed there, too.

Sorry but Microsoft has admitted that Windows was not designed with security in mind. Its not market share that is Microsoft's problem with Windows, its the design. VP Valentine said as much in a speech. The market share excuse is a worn out Microsoft marketing ploy.

36 posted on 09/11/2002 2:52:24 PM PDT by toupsie
[ Post Reply | Private Reply | To 33 | View Replies]

To: HAL9000
bump for later read
37 posted on 09/11/2002 2:55:21 PM PDT by savedbygrace
[ Post Reply | Private Reply | To 1 | View Replies]

To: TopQuark
Now, given your impatience with MS, how many operating systems have you written?

I confess I haven't written any.

On the other hand, MS has written SIX PC OS's (95, NT4, 98, ME, 2000, XP) in the last seven years.

Eight if you count 98SE and the two flavors of XP.

I guess that makes them better.

Or something.

38 posted on 09/11/2002 2:55:34 PM PDT by Charlotte Corday
[ Post Reply | Private Reply | To 26 | View Replies]

To: HAL9000
humm, I wonder about this. It seems to me that I read that SP1 of XP allows MS to be able to deactivate any product, software, filetype, etc... at any given time. I recall reading this in the latest publications and that it is stated in the new License Agreement. It is also a "feature" in W2K SP3.... I think I will not upgrade.
39 posted on 09/11/2002 2:59:29 PM PDT by phalynx
[ Post Reply | Private Reply | To 1 | View Replies]

To: Charlotte Corday
I guess that makes them better. And they are if you reflect what "better" means.

However, "better" and "bug-free" are two different aspects of a product.

I guess, I have to say it straighforwardly: when one formulates expectations (such as seeing the bug-free software) one needs to know what is involved in the creation of the product.

We've built a lot of highways, and still have accidents on them. Think about that analogy.

40 posted on 09/11/2002 3:08:59 PM PDT by TopQuark
[ Post Reply | Private Reply | To 38 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-80 ... 101-120 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson