PDA

View Full Version : XP SP2 patch already needs fixing



PressF1 User
22-08-2004, 11:45 AM
From the UK Register...
-----------------------------------------------------------
XP SP2 über patch already needs fixing
By John Leyden
Published Friday 20th August 2004 10:34 GMT
The first new vulnerability affecting Internet Explorer on Windows XP with SP2 has been discovered

The vulnerability allows malicious websites to place an executable file in a user's start-up folder when a user drags or clicks on a program masqueraded as an image. http-equiv of malware.com, a so-called White Hat hacker, has posted a sample exploit which demonstrates security weaknesses in the drag and drop function of IE that give rise to the exploit.

Even though this demo depends on the user performing a drag and drop event, it might be rewritten so a user need only perform a single click on an image instead, according to security firm Secunia.

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2. Users of IE 5.5 and 5.01 are also affected.

Secunia says the "highly critical" vuln could be exploited by attackers to obtain full system access to vulnerable systems. Microsoft has yet to issue a patch, but workarounds are available. Secunia advises users to disable Active Scripting or use an alternative browser to protect themselves from attack. ®

-----------------------------------------------------------

CYaBro
23-08-2004, 10:04 AM
This problem was around before SP2 so it doesn't mean you shouldn't install it!!

Chilling_Silence
23-08-2004, 10:14 AM
He's right, and the funny thing is that a week from now there will be another IE or WinXP SP2 Vulnerability.... Still install SP2! Its worth it for the small enhancements, and it means that (hopefully) we wont ever have a world full of blaster-virus-sharing PC's!


Chill.

willie_M
23-08-2004, 11:38 AM
just out of interest.. can the blaster worm still do any damage to microsoft?

dipstick01
23-08-2004, 10:39 PM
Just read the latest IDG anti virus news and a very interesting excrpt on XP sp2 and the programs that wont run after installing. check out this link and note the big and commonly used names in Anti Virus and Firewalls.

Myself I will be holding off installing the damn thing till there are more fixes.

Chilling_Silence
23-08-2004, 11:06 PM
Yes the blaster worm still can on un-patched boxes.

That's why slipstreaming XP SP2 is a good idea :-)

willie_M
23-08-2004, 11:31 PM
>That's why slipstreaming XP SP2 is a good idea

Why would helping microsoft be good?

Chilling_Silence
23-08-2004, 11:52 PM
You're helping yourself because otherwise you're the drone and your Internet speeds will crawl and possibly incur massive bandwidth charges depending on your internet plan.

If you're against the Microsoft trend, then use another OS, like Linux, Unix, BSD, Solaris, OS/2... Take ya pick ;-)

robsonde
24-08-2004, 02:28 AM
a random clip of a story off the internet about the holes in SP2



But, if I’ve read Seltzer correctly, the recipe for the vulnerability’s exploit consists of one part technology, four parts social engineering, and five parts a really dumb user. Says Seltzer, it’s the equivalent of being successfully victimized by an e-mail from your car manufacturer that says "Our records show that the gas tank in your car model tends to collect dirt deposits. To preserve your vehicle warranty, we recommend that you add a cup of ordinary laundry detergent with each tank of gas." He’s got a point.

Murray P
24-08-2004, 09:25 AM
> "Our records show that the gas tank in your car model
> tends to collect dirt deposits. To preserve your
> vehicle warranty, we recommend that you add a cup of
> ordinary laundry detergent with each tank of gas."

Bugger, umm, anyone know a good mechanic :8}

Cheers Murray ;P