Free Republic

Windows XP contains massive security hole
The Inquirer | Wednesday 11 September 2002, 11:50 | Paul Hales

Posted on 09/11/2002 1:40:24 PM PDT by HAL9000

Install the Service Pack and, shush, don't tell anyone...

MICROSOFT'S RUSH to get Windows XP SP1 out and about may have been motivated by a desire to hide a vulnerability afflicting the operating system (cough) that allows hackers to delete files from a computer accessing a tweaked web page.

According to this Spanish-language site, a Googled translation of which is here, "a defect in Windows XP allows that anyone can erase archives of our computer if click becomes on a connection maliciously constructed, as much when visiting a malignant Web site, like a receiving a message with format HTML". Sorry about the language, but you get the picture.

A reader writes a little more clearly that this vulnerability allows the files contained in any specified directory on your system to be deleted if you click on a specially-formed URL. He points to Gibson Research here, where they warn, "This URL could appear anywhere: sent in malicious eMail, in a chat room, in a newsgroup posting, on a malicious web page, or even executed when your computer merely visits a malicious web page. It is likely to be widely exploited soon."

This is a critical vulnerability and one Microsoft has done its best to keep secret, it seems.

Another reader tells us he saw a report on TechTV, the background to which they give here where they state that Microsoft has known about the flaw for some 11 weeks but kept the lid on it because it is so easy to exploit.

Microsoft urges Windows XP users to download the Service Pack and install it as quickly as possible. You can find that here. It's a large file, though, and CD versions are only available in the US and Canada at the moment, according to Microsoft.

The advice from various sources for users unable to install the Service Pack is to find and rename the affected file uplddrvinfo.htm. µ



TOPICS: News/Current Events; Technical
KEYWORDS: lowqualitycrap; microsoft; techindex; windows; xp

1 posted on 09/11/2002 1:40:25 PM PDT by HAL9000

To: HAL9000
What in heck is wrong with Microsoft? Why are their products so vulnerable to security breaches?
2 posted on 09/11/2002 1:41:39 PM PDT by paulklenk

To: HAL9000
Don't worry all you Microsoft XP users, just send me your social security number with your name and I will get back to you with a fix for your problem.
3 posted on 09/11/2002 1:43:36 PM PDT by TheRedSoxWinThePennant

To: HAL9000
LOW QUALITY CRAP

LOL! I downloaded SP1 for XP pro, and now my computer reboots whenever it wants to. It's done it 3 times today so far.

4 posted on 09/11/2002 1:44:49 PM PDT by Pern

To: HAL9000
What a surprise, a Microsoft product with security flaws! </sarcasm>

5 posted on 09/11/2002 1:45:27 PM PDT by big'ol_freeper

To: Pern
Gee, my new copy of OS X 10.2 (Jaguar) is running just fine. Installed clean as a whistle, has some fun new features, no need to reboot yet.

Yes, I switched, and I'm a much happier computer user now.

6 posted on 09/11/2002 1:47:59 PM PDT by Billy_bob_bob

To: redsoxallthewayintwothousand2
Don't worry all you Microsoft XP users, just send me your social security number with your name and I will get back to you with a fix for your problem.

Don't you also need my mother's maiden name...to generate my new security key?

7 posted on 09/11/2002 1:48:26 PM PDT by Pearls Before Swine

To: Billy_bob_bob
Jag is COOL!
8 posted on 09/11/2002 1:50:49 PM PDT by cmsgop

To: All
wow imagine that...

--erik

9 posted on 09/11/2002 1:52:51 PM PDT by erikm88

To: HAL9000
I downloaded SP-1 the other night. I couldn't delete any files or folders via the "right click". Found out that I had to set the folders or files for sharing. This is dumb as hell, I'm the owner and only user.
10 posted on 09/11/2002 1:54:44 PM PDT by Capt_Hank

To: HAL9000
This always reminds me of Asimov's Foundation trilogy. The big fat bloated empire with all the resources in the galaxy, building enormous and inefficient spaceships, versus resource-constrained Terminus, a planet that was driven to build more and more efficient technology and brainpower. How much longer before the PC OS won't fit on one CD?? And then there is DLL hell and registry bloat too. Just depressing.

...I know, I know, but I've never seen a mac in any (about 20-30) corporate finance/accounting settings since an old Classic was used as a foot rest back in 1993. I'll change when they change, I gotta eat.

11 posted on 09/11/2002 1:54:53 PM PDT by evolved_rage

To: HAL9000
indexing
12 posted on 09/11/2002 1:55:04 PM PDT by meadsjn

To: HAL9000
...Microsoft urges Windows XP users to download the Service Pack and install it as quickly as possible. You can find that here. It's a large file, though...

Only took my system 2.5 hours to download and install on a 10 MB net connection.

13 posted on 09/11/2002 1:58:10 PM PDT by SGCOS

To: Pern
By default XP is set to restart anytime you would have gotten a BSOD in a previous version of Windows. Stupid design decision.

If you can stay running long enough, you can change the behavior by right clicking My Computer, Advanced, Startup and Recovery Settings, and uncheck Automatically Restart.

It doesn't resolve the error condition, but at least you get a chance to figure out what's causing the error condition.

Here’s the release notes ("errata" list) for SP1-
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q324722
14 posted on 09/11/2002 1:59:28 PM PDT by Slainte

To: HAL9000
GRC.com is a site you should book mark and check from time to time.

For those of you running Windows 9x (Windows 95/98) he has a very good trick to significantly increase your online security.

GRC Link Here to Windows 9x security fix

Excerpt from the site on this subject (95/98 security):

Network Bondage
Discipline your network bindings in the privacy of your own home.

Microsoft's networking technology is only required for sharing files and printer services with other Microsoft-based PC's. It is not needed for connecting to the Internet or for using any Internet services. Using it in wide area networking (WAN - like the Internet) situations, dramatically lowers your security by divulging information about you and your computer, exposing Microsoft's weak password protection system to password crackers over the Internet, bringing your machine to the attention of Internet scanners and intruders and making you a target for attack.

When going through the process, if you do, print out the instructions, read through them once. Don't be intimidated. It is very step by step. Then have the instructions next to you as you work through the changes.

15 posted on 09/11/2002 2:02:44 PM PDT by BJungNan

To: Pern
That's not a flaw, it's a feature (smirk)
16 posted on 09/11/2002 2:05:27 PM PDT by IsItTimeYet

To: HAL9000
A massive security hole in Windows XP? Didn't Bill Gates say that Windows XP was the most secure OS ever? Wasn't there a memo passed to all Microsoft staff saying security was job #1? None of this makes sense. Maybe Bush2000 can explain it. He seems to know all of the Microsoft marketing excuses.

Guess it's time to switch or sort of switch.

17 posted on 09/11/2002 2:08:03 PM PDT by toupsie

To: Billy_bob_bob
Gee, my new copy of OS X 10.2 (Jaguar) is running just fine. Installed clean as a whistle, has some fun new features, no need to reboot yet. Yes, I switched, and I'm a much happier computer user now.

Good for you! I installed Jaguar on my work Mac and haven't shut it down or rebooted it since. Sixteen days, 6 hours and 53 minutes of uptime so far and I run all kinds of alpha and beta quality software for work. Flawless performance. As a bonus, Apple gave me a cool program yesterday called, iCal. A really nice calendar application--for free!

18 posted on 09/11/2002 2:11:47 PM PDT by toupsie

To: SGCOS
Only took my system 2.5 hours to download and install on a 10 MB net connection.

Too bad that was 2.4 hours more than the hacker needed to steal data off your hard drive! :P

19 posted on 09/11/2002 2:13:16 PM PDT by toupsie

To: SGCOS
If you download the service pack, does that completely take care of the security problem?
20 posted on 09/11/2002 2:13:31 PM PDT by my_pointy_head_is_sharp

To: Slainte
I haven't seen WinXP do that yet. Win2k used to occasionally.
21 posted on 09/11/2002 2:13:43 PM PDT by jude24

To: Pern
LOL! I downloaded SP1 for XP pro, and now my computer reboots whenever it wants to. It's done it 3 times today so far.

I installed SP1 for XP Pro yesterday and see no indications of problems. I'm using a Compaq 5330US 1.7 GHz machine with 512M of RAM. XP Pro on this machine has been quite stable before SP1 and so far (fingers crossed) no adverse results from SP1.

Jack

22 posted on 09/11/2002 2:14:10 PM PDT by JackOfVA

To: my_pointy_head_is_sharp
...If you download the service pack, does that completely take care of the security problem?

Probably opens up 5 more security holes...

23 posted on 09/11/2002 2:16:00 PM PDT by SGCOS

To: Slainte
By default XP is set to restart anytime you would have gotten a BSOD in a previous version of Windows. Stupid design decision.

I disagree; smart design decision. Now your machine can reboot and perhaps start serving its role again without requiring operator intervention, and the content of the BSOD diagnostic messages are thrown in the system log.

24 posted on 09/11/2002 2:16:42 PM PDT by zeromus

To: Slainte
By default XP is set to restart anytime you would have gotten a BSOD in a previous version of Windows. Stupid design decision.

You'd rather have your server just sort of hanging out and doing nothing than restart and get back to work? Huh....

To each his own, I guess...

25 posted on 09/11/2002 2:17:42 PM PDT by general_re

To: paulklenk
Why are their products so vulnerable to security breaches?

Because it is theoretically impossible to debug a large program.

It is amazing that there are relatively few bugs, and updates are coming up regularly.

Now, given your impatience with MS, how many operating systems have you written?

26 posted on 09/11/2002 2:21:27 PM PDT by TopQuark

To: JackOfVA
I also installed SP-1 with no problems. I have found WinXP to be my favorite MS OS so far, although Win2000 is also stable.
27 posted on 09/11/2002 2:22:32 PM PDT by Cicero

To: HAL9000
According to The Screensavers on TechTV, this hole is very easy to fix without downloading SP1.

Search your machine for a file called "uplddrvinfo.htm".

Change the filename to anything else, i.e. "uplddrvinfo.htmOLD".

Reboot.

Bang! You're done.

This only applies to XP machines.
28 posted on 09/11/2002 2:25:24 PM PDT by chaosagent

To: Slainte
By default XP is set to restart anytime you would have gotten a BSOD in a previous version of Windows. Stupid design decision.

I disagree; smart design decision. Now your machine can reboot and perhaps start serving its role again without requiring operator intervention, and the content of the BSOD diagnostic messages are thrown in the system log.

29 posted on 09/11/2002 2:26:15 PM PDT by zeromus

To: chaosagent
Well, that will teach me not to read the very last line of the article.

It's in there too.
30 posted on 09/11/2002 2:26:42 PM PDT by chaosagent

To: toupsie
I downloaded iCal yesterday too. It's pretty cool. I subscribed to the DVD release dates calendar, and added automatic reminders to take out the trash.

I'm looking forward to iSync later this month.

31 posted on 09/11/2002 2:34:01 PM PDT by HAL9000

To: toupsie
Ellen Feiss
It's kind of... a bummer
32 posted on 09/11/2002 2:47:23 PM PDT by Darkshadow

To: paulklenk
What in heck is wrong with Microsoft? Why are their products so vulnerable to security breaches?

Because Bill Gates is on the top of the mountain and every hacker in the world wants to kick him off. If everyone was focusing on Apple, problems would be exposed there, too.

There's no such thing as a hack-proof system...there's always a better hacker. The only way to make a system completely secure is to disconnect it from any form of network communication. And even then, you need to worry about securing the room.

33 posted on 09/11/2002 2:48:33 PM PDT by wbill

To: HAL9000; rdb3
Windows XP contains massive security hole

Just one?

34 posted on 09/11/2002 2:48:59 PM PDT by Jalapeno

To: general_re
You'd rather have your server just sort of hanging out and doing nothing than restart and get back to work? Huh....

Servers shouldn't "hang" in the first place! Is that a normal experience with Windows servers?

35 posted on 09/11/2002 2:49:28 PM PDT by toupsie

To: wbill
Because Bill Gates is on the top of the mountain and every hacker in the world wants to kick him off. If everyone was focusing on Apple, problems would be exposed there, too.

Sorry but Microsoft has admitted that Windows was not designed with security in mind. It's not market share that is Microsoft's problem with Windows, it's the design. VP Valentine said as much in a speech. The market share excuse is a worn out Microsoft marketing ploy.

36 posted on 09/11/2002 2:52:24 PM PDT by toupsie

To: HAL9000
bump for later read
37 posted on 09/11/2002 2:55:21 PM PDT by savedbygrace

To: TopQuark
Now, given your impatience with MS, how many operating systems have you written?

I confess I haven't written any.

On the other hand, MS has written SIX PC OS's (95, NT4, 98, ME, 2000, XP) in the last seven years.

Eight if you count 98SE and the two flavors of XP.

I guess that makes them better.

Or something.

38 posted on 09/11/2002 2:55:34 PM PDT by Charlotte Corday

To: HAL9000
humm, I wonder about this. It seems to me that I read that SP1 of XP allows MS to be able to deactivate any product, software, filetype, etc... at any given time. I recall reading this in the latest publications and that it is stated in the new License Agreement. It is also a "feature" in W2K SP3.... I think I will not upgrade.
39 posted on 09/11/2002 2:59:29 PM PDT by phalynx

To: Charlotte Corday
I guess that makes them better.

And they are if you reflect what "better" means.

However, "better" and "bug-free" are two different aspects of a product.

I guess, I have to say it straightforwardly: when one formulates expectations (such as seeing the bug-free software) one needs to know what is involved in the creation of the product.

We've built a lot of highways, and still have accidents on them. Think about that analogy.

40 posted on 09/11/2002 3:08:59 PM PDT by TopQuark

To: HAL9000
I'm installing Redhat on the laptop tomorrow.

I F***ing hate Micro$oft.

41 posted on 09/11/2002 3:15:59 PM PDT by thmiley

To: TopQuark
My issue is, what I want an OS to do is very simple. Provide a fast, consistent, stable interface for disk, graphics, and peripheral access. That's about it. I don't want my OS to be an all-purpose life enhancement tool.

Microsoft has not delivered what I want in an OS because it would shut down the perpetual upgrade machine.

If you had to buy six cars in succession from the same vendor in seven years, would it speak well of the vendor's quality??

42 posted on 09/11/2002 3:16:47 PM PDT by Charlotte Corday

To: Jalapeno
Just one?

I dunno. Maybe one or two more?

43 posted on 09/11/2002 3:32:52 PM PDT by rdb3

To: John Robinson; B Knotts; stainlessbanner; TechJunkYard; ShadowAce; Knitebane; AppyPappy; jae471; ...
The Penguin Ping.

Wanna be Penguified? Just holla!

Got root?

44 posted on 09/11/2002 3:33:58 PM PDT by rdb3

To: SGCOS
Only took my system 2.5 hours to download and install on a 10 MB net connection.

Bwa ha ha ha ha ha!

45 posted on 09/11/2002 3:38:46 PM PDT by Petronski

To: TopQuark
Now, given your impatience with MS, how many operating systems have you written?

Jeez. What a question. How many automobiles have you built? Do you have to build one--or just pay for one--to be angry when it breaks?

46 posted on 09/11/2002 3:42:42 PM PDT by jammer

To: HAL9000
Here's The Register's story on it.
In a nutshell: if you use the "Help Center" (just WTF is that?) you can pass it a string to delete directory contents.
If you put "hcp://system/DFS/uplddrvinfo.htm?file://c:\test\*" for a URL in IE it should erase what's under c:\test. However it looks like it only works for XP as my 2k box doesn't have the DFS directory or a uplddrvinfo.htm file.
47 posted on 09/11/2002 4:17:50 PM PDT by lelio
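
Added example, not part of the thread or of any poster's code: a scanner that a mail or web-proxy filter could run over message bodies and pages to flag links of the kind post 47 describes, an hcp:// URL that hands uplddrvinfo.htm a file:// argument. The function names, the sample inputs and the policy of flagging every hcp:// link in untrusted content are assumptions made for illustration.

```python
import html
import re
from urllib.parse import unquote

# File name given in the article and in posts 28 and 47.
AFFECTED_PAGE = "uplddrvinfo.htm"

# An hcp:// URL runs until whitespace, a quote or an angle bracket.
HCP_URL = re.compile(r"hcp://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "plain": r'<a href="hcp://system/DFS/uplddrvinfo.htm?file://c:\test\*">click</a>',
    "encoded": "HCP://system/DFS/UPLDDRVINFO.HTM%3Ffile%3A//c%3A%5Ctest%5C%2A",
    "other_hcp": "Open hcp://example/placeholder.htm for help",
    "benign": "See http://support.microsoft.com/default.aspx?scid=kb;en-us;Q324722",
}


def normalize(text):
    """Undo HTML entities and percent-encoding so encoded links still match."""
    previous = None
    # Decode a bounded number of times to cover double-encoded input.
    for _ in range(3):
        if text == previous:
            break
        previous = text
        text = unquote(html.unescape(text))
    return text


def find_suspicious_links(text):
    """Return (url, reason) for every hcp:// link found in untrusted text."""
    findings = []
    for match in HCP_URL.finditer(normalize(text)):
        url = match.group(0)
        path, _, query = url.partition("?")
        # Last path component, compared case-insensitively.
        page = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if page == AFFECTED_PAGE and "file:" in query.lower():
            findings.append((url, "affected page with file:// argument"))
        elif page == AFFECTED_PAGE:
            findings.append((url, "reference to affected page"))
        else:
            # Assumed policy: mail and web content has no reason to link here.
            findings.append((url, "hcp:// link in untrusted content"))
    return findings


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        for url, reason in find_suspicious_links(body):
            print(f"{name}: {reason}: {url}")
```
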

To: BJungNan
Thanks for the info. I have been relying on BlackIce to prevent hackers from getting into my machine. I went through the operation and did the deed for the 9x Security fix. It was a tad more complicated than I thought, but it works fine with Win 98 SE on my computer. I am using it now with the fix in...

Good Hunting... from Varmint Al

48 posted on 09/11/2002 4:46:02 PM PDT by Varmint Al

To: general_re
Oh, you're using XP in a mission critical role.

To each his own, I guess...
49 posted on 09/11/2002 4:47:55 PM PDT by Slainte

To: Cicero
although Win2000 is also stable

I agree. I have Win2000 Professional running on a 500 MHz Gateway laptop that has run 24/7 for a year without a hiccup. Only restarts are when necessary after downloading OS or program updates.

Both Win2000 and XP are much more stable than Win/me in my experience.

Jack

50 posted on 09/11/2002 5:07:15 PM PDT by JackOfVA

