View Full Version : Win XP Users Urgent

Jim B
17-09-2002, 12:00 AM
It is absolutely essential that those people using Win XP download and install XP SP1 update urgently.
See my previous post about Win XP serious flaw.

From http://grc.com/xpdite/xpdite.htm

As feared and expected, just five days after the release of Service Pack 1, and the publication of this vulnerability's details by irresponsible web journalists, instances of malicious URLs for deleting all files from user directories started appearing on the Internet.
PLEASE be sure to inform your friends and associates who are using XP about the need to either update to Service Pack 1, or quickly run XPdite on their systems.

17-09-2002, 12:21 AM
and then there was grc sucks (http://grcsucks.com/) hmmmmm who to believe

Jim B
17-09-2002, 12:54 AM
Believe it


17-09-2002, 09:57 AM

Jim B
17-09-2002, 10:20 AM
This has no relevance to the very real danger of using XP without the update.

Gibson is only one of many people who has pointed out the serious flaw and suggesting that this not be taken seriously is irresponsible and could influence users not to do the large update.

It has been demonstrated by many responsible security experts that this flaw in XP can delete the contents of any directory in your Windows system.

Jim B
17-09-2002, 10:53 AM
Unwary Windows XP users can have entire directories
emptied of files simply by clicking on a hyperlink,
according to an Australian security researcher.

http://www.zdnet.com.au/newstech/security/story/0,2000024985,20268254,00.htm] ( [url) ZDNet Australia[/url]

17-09-2002, 04:34 PM
> This has no relevance to the very real...

Yeah yeah, this exploit came out August 15th. Gibson is just doing the usual cash in on someone elses discovery.
Delete %windir%\PCHEALTH\HELPCTR\System\DFS\uplddrvinfo.h tm for a quick fix.

17-09-2002, 08:45 PM
Who did first find that whole in XP then?

How come they didn't make it all that public.

Graham Petrie
17-09-2002, 10:54 PM
It was announced at an internet security conference for all the security bigwigs, and they agreed to keep it quite until SP-1 was released so that a fix was a vailable from microsoft before hackers found out about the flaw and exploited it. unfortunately some experts couldn't keep their traps shut, and a few days after the press found out, instances of the problem began surfacing.

I had a look, and just by knowing the file involved, the coding to make one of these url's is pretty easy looking. I haven't tried it yet, but it looks very basic.

G p

18-09-2002, 12:21 AM
> available from microsoft before hackers found out

what a pointless exercise as the only ones who didn't know about it were the ones likely to be exploited and Steve Gibson. Oh and that dweeb working the the cube across from me. :)

18-09-2002, 08:44 PM
I tried to wipe out system32 using a URL but it did not want to work. Probably because of the files being crucial to XP.

Graham Petrie
18-09-2002, 11:42 PM
It aparently doesn't work on hidden files - I may be wrong.

The non-hidden contents of the windows folder can be removed using it.

Oh, well, I just installed SP-1 today, so no worries.

Question -are there any updates not covered by SP-1 that I should get??