Free Republic

Windows XP contains massive security hole
The Inquirer ^ | Wednesday 11 September 2002, 11:50 | Paul Hales

Posted on 09/11/2002 1:40:24 PM PDT by HAL9000

Install the Service Pack and, shush, don't tell anyone...

MICROSOFT'S RUSH to get Windows XP SP1 out and about may have been motivated by a desire to hide a vulnerability afflicting the operating system (cough) that allows hackers to delete files from a computer accessing a tweaked web page.

According to this Spanish-language site, a Googled translation of which is here, "a defect in Windows XP allows that anyone can erase archives of our computer if click becomes on a connection maliciously constructed, as much when visiting a malignant Web site, like a receiving a message with format HTML". Sorry about the language, but you get the picture.

A reader writes a little more clearly that this vulnerability allows the files contained in any specified directory on your system to be deleted if you click on a specially-formed URL. He points to Gibson Research here, where they warn, "This URL could appear anywhere: sent in malicious eMail, in a chat room, in a newsgroup posting, on a malicious web page, or even executed when your computer merely visits a malicious web page. It is likely to be widely exploited soon."

This is a critical vulnerability and one Microsoft has done its best to keep secret, it seems.

Another reader tells us he saw a report on TechTV, the background to which they give here where they state that Microsoft has known about the flaw for some 11 weeks but kept the lid on it because it is so easy to exploit.

Microsoft urges Windows XP users to download the Service Pack and install it as quickly as possible. You can find that here. It's a large file, though, and CD versions are only available in the US and Canada at the moment, according to Microsoft.

The advice from various sources for users unable to install the Service Pack is to find and rename the affected file uplddrvinfo.htm. µ



TOPICS: News/Current Events; Technical
KEYWORDS: lowqualitycrap; microsoft; techindex; windows; xp
To: HAL9000
I'm installing Redhat on the laptop tomorrow.

I F***ing hate Micro$oft.

41 posted on 09/11/2002 3:15:59 PM PDT by thmiley
[ Post Reply | Private Reply | To 1 | View Replies]

To: TopQuark
My issue is, what I want an OS to do is very simple. Provide a fast, consistent, stable interface for disk, graphics, and peripheral access. That's about it. I don't want my OS to be an all-purpose life enhancement tool.

Microsoft has not delivered what I want in an OS because it would shut down the perpetual upgrade machine.

If you had to buy six cars in succession from the same vendor in seven years, would it speak well of the vendor's quality??

42 posted on 09/11/2002 3:16:47 PM PDT by Charlotte Corday
[ Post Reply | Private Reply | To 40 | View Replies]

To: Jalapeno
Just one?

I dunno. Maybe one or two more?

43 posted on 09/11/2002 3:32:52 PM PDT by rdb3
[ Post Reply | Private Reply | To 34 | View Replies]

To: John Robinson; B Knotts; stainlessbanner; TechJunkYard; ShadowAce; Knitebane; AppyPappy; jae471; ...
The Penguin Ping.

Wanna be Penguified? Just holla!

Got root?

44 posted on 09/11/2002 3:33:58 PM PDT by rdb3
[ Post Reply | Private Reply | To 1 | View Replies]

To: SGCOS
Only took my system 2.5 hours to download and install on a 10 MB net connection.

Bwa ha ha ha ha ha!

45 posted on 09/11/2002 3:38:46 PM PDT by Petronski
[ Post Reply | Private Reply | To 13 | View Replies]

To: TopQuark
Now, given your impatience with MS, how many operating systems have you written?

Jeez. What a question. How many automobiles have you built? Do you have to build one--or just pay for one--to be angry when it breaks?

46 posted on 09/11/2002 3:42:42 PM PDT by jammer
[ Post Reply | Private Reply | To 26 | View Replies]

To: HAL9000
Here's The Register's story on it.
In a nutshell: if you use the "Help Center" (just WTF is that?) you can pass it a string to delete directory contents.
If you put "hcp://system/DFS/uplddrvinfo.htm?file://c:\test\*" for a URL in IE it should erase what's under c:\test. However it looks like it only works for XP as my 2k box doesn't have the DFS directory or a uplddrvinfo.htm file.
47 posted on 09/11/2002 4:17:50 PM PDT by lelio
[ Post Reply | Private Reply | To 1 | View Replies]
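
A defensive check for the URL pattern described in the post above, added here as an example and not part of the original thread: it scans an HTML mail or page body for `hcp:` links and rates those that reference `uplddrvinfo.htm` as high. The function names and sample inputs are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Any hcp: URL in untrusted HTML deserves a look; this file is the one named above.
AFFECTED_FILE = "uplddrvinfo.htm"
HCP_URL = re.compile(r"(?<![a-z0-9+.\-])hcp:/{0,2}[^\s\"'<>]+", re.IGNORECASE)


class _Collector(HTMLParser):
    """Gather every attribute value and text/script run from an HTML body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value:
                self.chunks.append((f"<{tag} {name}>", value))

    def handle_data(self, data):
        if data.strip():
            self.chunks.append(("text", data))


def find_hcp_links(body):
    """Return (location, url, severity) for each hcp: URL found in body."""
    parser = _Collector()
    parser.feed(body)
    parser.close()  # flush trailing text that has no closing tag
    findings = []
    for location, raw in parser.chunks:
        for match in HCP_URL.finditer(unquote(raw)):
            url = match.group(0)
            severity = "high" if AFFECTED_FILE in url.lower() else "review"
            findings.append((location, url, severity))
    return findings


# Constructed samples (not captured mail); the URL is the one quoted in the post.
SAMPLE_MAIL = r'''<html><body><p>Driver update notice</p>
<a href="hcp://system/DFS/uplddrvinfo.htm?file://c:\test\*">details</a>
<a href="http://example.com/help">help</a></body></html>'''
SAMPLE_CHAT = r"look at HCP://system/DFS/uplddrvinfo.htm?file://c:\test\* lol"

if __name__ == "__main__":
    for sample in (SAMPLE_MAIL, SAMPLE_CHAT):
        for finding in find_hcp_links(sample):
            print(finding)
```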

To: BJungNan
Thanks for the info. I have been relying on BlackIce to prevent hackers from getting into my machine. I went through the operation and did the deed for the 9x Security fix. It was a tad more complicated than I thought, but it works fine with Win 98 SE on my computer. I am using it now with the fix in...

Good Hunting... from Varmint Al

48 posted on 09/11/2002 4:46:02 PM PDT by Varmint Al
[ Post Reply | Private Reply | To 15 | View Replies]

To: general_re
Oh, you're using XP in a mission critical role.

To each his own, I guess...
49 posted on 09/11/2002 4:47:55 PM PDT by Slainte
[ Post Reply | Private Reply | To 25 | View Replies]

To: Cicero
although Win2000 is also stable

I agree. I have Win2000 Professional running on a 500 MHz Gateway laptop that has run 24/7 for a year without a hiccup. Only restarts are when necessary after downloading OS or program updates.

Both Win2000 and XP are much more stable than Win/me in my experience.

Jack

50 posted on 09/11/2002 5:07:15 PM PDT by JackOfVA
[ Post Reply | Private Reply | To 27 | View Replies]

To: Slainte
Nope, but Win2K does the same thing.
51 posted on 09/11/2002 5:50:55 PM PDT by general_re
[ Post Reply | Private Reply | To 49 | View Replies]

To: JackOfVA
"Both Win2000 and XP are much more stable than Win/me in my experience. "

I don't know about XP but win2k is very stable. It is the best MS OS ever, IMO. Of course, I prefer linux but unfortunately not everything I like to run works in linux yet.

52 posted on 09/11/2002 6:00:54 PM PDT by Crispy
[ Post Reply | Private Reply | To 50 | View Replies]

To: toupsie
Servers shouldn't "hang" in the first place! Is that a normal experience with Windows servers?

I know, I know. If only I had a Mac. Not only is the G4 fast enough to execute an infinite loop in under half a second, OS X has uptimes measured in eons. Not only does it never, ever crash, it has been scientifically proven to boost a user's IQ by 30%, cure cancer by the laying on of hands, increase bank accounts to billionaire levels, and attract more hot women than a light beer commercial. Keeping a Mac in one's bedroom permits it to emit mysterious "Z" rays during the night, which act to prevent nightmares, back problems, and bedwetting. It's a floor wax, a dessert topping, the mother you never knew, and a therapist all rolled into one. And all this for only $0.37.

Did I leave anything out? :^)

53 posted on 09/11/2002 6:07:54 PM PDT by general_re
[ Post Reply | Private Reply | To 35 | View Replies]

To: Capt_Hank
I downloaded SP-1 the other night. I couldn't delete any files or folders via the "right click". Found out that I had to set the folders or files for sharing. This is dumb as hell, I'm the owner and only user.

Well... so far as you know. No telling what happens when XP PHONES HOME.

54 posted on 09/11/2002 6:09:48 PM PDT by AFreeBird
[ Post Reply | Private Reply | To 10 | View Replies]

To: lelio; rdb3
If you put "hcp://system/DFS/uplddrvinfo.htm?file://c:\test\*" for a URL in IE it should erase what's under c:\test.

Oh, that's a feature... like the old "rm -rf /" game in Linux. Watch the disk access LED light up real bright.

55 posted on 09/11/2002 6:14:14 PM PDT by TechJunkYard
[ Post Reply | Private Reply | To 47 | View Replies]

To: evolved_rage
How much longer before the PC OS won't fit on one CD?? And then there is DLL hell and registry bloat too. Just depressing.

Well, why do you think they now ship PC's with DVD drives? I hear the .NyET developer package only comes on DVD. It is only a matter of time before Winders will consume ever more resources.

Bloat - it's not just for after dinner anymore.

56 posted on 09/11/2002 6:14:31 PM PDT by AFreeBird
[ Post Reply | Private Reply | To 11 | View Replies]

To: TechJunkYard
Oh, that's a feature... like the old "rm -rf /" game in Linux. Watch the disk access LED light up real bright.

Yeah! Enter "rm -f /" into your shell prompt and watch those pretty little lights go! ;-)

57 posted on 09/11/2002 6:28:17 PM PDT by rdb3
[ Post Reply | Private Reply | To 55 | View Replies]

To: rdb3; All
Just installed Red Hat 7.3 for the fourth time on my Dell Inspiron 8200. Dual boot with XP and I'm just learning Linux.

I keep wiping it and re-installing every time I clobber the video trying to get my screen up to 1400x1050. I've rpmed the files from Nvidia but can't get it installed correctly. I'm a win developer but newbie to Linux...not even sure where I should install the kernel rpm. Somebody FReepmail with help! Please!
58 posted on 09/11/2002 6:29:42 PM PDT by 6ppc
[ Post Reply | Private Reply | To 44 | View Replies]

Comment #59 Removed by Moderator

To: RadioAstronomer; longshadow; PatrickHenry
Don't know if this is relevant, but here's a ping anyway.
60 posted on 09/11/2002 6:43:39 PM PDT by Scully
[ Post Reply | Private Reply | To 1 | View Replies]

