Windows XP contains massive security hole

The Inquirer ^ | Wednesday 11 September 2002, 11:50 | Paul Hales

[HAL9000]

Windows XP contains massive security hole

Install the Service Pack and, shush, don't tell anyone...

MICROSOFT'S RUSH to get Windows XP SP1 out and about may have been motivated by a desire to hide a vulnerability afflicting the operating system (cough) that allows hackers to delete files from a computer accessing a tweaked web page.

According to this Spanish-language site, a Googled translation of which is here, "a defect in Windows XP allows that anyone can erase archives of our computer if click becomes on a connection maliciously constructed, as much when visiting a malignant Web site, like a receiving a message with format HTML". Sorry about the language, but you get the picture.

A reader writes a little more clearly that this vulnerability allows the files contained in any specified directory on your system to be deleted if you click on a specially-formed URL. He points to Gibson Research here, where they warn, "This URL could appear anywhere: sent in malicious eMail, in a chat room, in a newsgroup posting, on a malicious web page, or even executed when your computer merely visits a malicious web page. It is likely to be widely exploited soon."

This is a critical vulnerability and one Microsoft has done its best to keep secret, it seems.

Another reader tells us he saw a report on TechTV, the background to which they give here where they state that Microsoft has known about the flaw for some 11 weeks but kept the lid on it because it is so easy to exploit.

Microsoft urges Windows XP users to download the Service Pack and install it as quickly as possible. You can find that here . It's a large file, though, and CD versions are only available on the US and Canada at the moment, according to Microsoft.

The advice from various sources for users unable to install the Service Pack is to find and rename the affected file uplddrvinfo.htm. µ

[paulklenk]

What in heck is wrong with Microsoft? Why are there products so vulnerable to security breaches?

[TheRedSoxWinThePennant]

dont worry all you microsoft xp users just send me your social security number with your name and I will get back to you with a fix for your problem

[Pern]

LOW QUALITY CRAP

LOL! I downloaded SP1 for XP pro, and now my computer reboots whenever it want's to. It's done it 3 times today so far.

[big'ol_freeper]

What a surprise, a Microsoft product with security flaws! < /sarcasm>

[Billy_bob_bob]

Gee, my new copy of OS X 10.2 (Jaguar) is running just fine. Installed clean as a whistle, has some fun new features, no need to reboot yet.

Yes, I switched, and I'm a much happier computer user now.

[Pearls Before Swine]

dont worry all you microsoft xp users just send me your social security number with your name and I will get back to you with a fix for your problem

Don't you also need my mother's maiden name...to generate by new security key?

[cmsgop]

Jag is COOL!

[erikm88]

wow imagine that...

--erik

[Capt_Hank]

I downloaded SP-1 the other night. I couldn't delete any files or folders via the "right click". Found out that I had to set the folders or files for sharing. This is dumb as hell, I'm the owner and only user.

[evolved_rage]

This always reminds about Asimov's Foundation trilogy. The big fat bloated empire with all the resources in the galaxy, building enormous and inefficient spaceships, versus resource constrained Terminous, a planet that was driven to build more and more efficient technology and brainpower. How much longer before the PC OS won't fit on one CD?? And then there is DLL hell and registry bloat too. Just depressing.

...I know, I know, but I've never seen a mac in any (about 20-30) corporate finance/accounting settings since an old Classic was used as a foot rest back in 1993. I'll change when they change, I gotta eat.

[meadsjn]

indexing

[SGCOS]

...Microsoft urges Windows XP users to download the Service Pack and install it as quickly as possible. You can find that here . It's a large file, though...

Only took my system 2.5 hours to download and install on a 10 MB net connection.

[Slainte]

By default XP is set to restart anytime you would have gotten a BSOD in a previous version of Windows. Stupid design decision.

If you can stay running long enough, you can change the behavior by right clicking My Computer, Advanced, Startup and Recovery Settings, and uncheck Automatically Restart.

It doesn't resolve the error condition, but at least you get a chance to figure out what's causing the error condition.

Here’s the release notes ("errata" list) for SP1-
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q324722

[BJungNan]

GRC.com is a site you should book mark and check from time to time.

For those of you running Windows 9x (Windows 95/98) he has a very good trick to significantly increase you on line security.

GRC Link Here to Windows 9x security fix

Excerpt from the site on this subject (95/98 security):

Network Bondage
Discipline your network bindings in the privacy of your own home.

Microsoft's networking technology is only required for sharing files and printer services with other Microsoft-based PC's. It is not needed for connecting to the Internet or for using any Internet services. Using it in wide area networking (WAN - like the Internet) situations, dramatically lowers your security by divulging information about you and your computer, exposing Microsoft's weak password protection system to password crackers over the Internet, bringing your machine to the attention of Internet scanners and intruders and making you a target for attack.

When going through the process, if you do, print out the instructions, read through them once. Don't be intimidated. It is very step by step. Then have the instructions next to you as you work through the changes.

[IsItTimeYet]

That's not a flaw, it's a feature (smirk)

[toupsie]

A massive security hole in Windows XP? Didn't Bill Gates say that Windows XP was the most secure OS ever? Wasn't their a memo passed to all Microsoft staff saying security was job #1? None of this makes since. Maybe Bush2000 can explain it. He seems to know all of the Microsoft marketing excuses.

Guess its time to switch or sort of switch.

[toupsie]

Gee, my new copy of OS X 10.2 (Jaguar) is running just fine. Installed clean as a whistle, has some fun new features, no need to reboot yet. Yes, I switched, and I'm a much happier computer user now.

Good for you! I installed Jaguar on my work Mac and haven't shut it down or rebooted it since. Sixteen days, 6 hours and 53 minutes of uptime so far and I run all kinds of alpha and beta quality software for work. Flawless performance. As a bonus, Apple gave me a cool program yesterday called, iCal. A really nice calendar application--for free!

[toupsie]

Only took my system 2.5 hours to download and install on a 10 MB net connection.

Too bad that was 2.4 hours more than the hacker needed to steal data off your hard drive! :P

[my_pointy_head_is_sharp]

If you download the service pack, does that completely take care of the security problem?