Skip to comments.Windows XP contains massive security hole
Posted on 09/11/2002 1:40:24 PM PDT by HAL9000
Windows XP contains massive security hole
Install the Service Pack and, shush, don't tell anyone...
MICROSOFT'S RUSH to get Windows XP SP1 out and about may have been motivated by a desire to hide a vulnerability afflicting the operating system (cough) that allows hackers to delete files from a computer accessing a tweaked web page.
According to this Spanish-language site, a Googled translation of which is here, "a defect in Windows XP allows that anyone can erase archives of our computer if click becomes on a connection maliciously constructed, as much when visiting a malignant Web site, like a receiving a message with format HTML". Sorry about the language, but you get the picture.
A reader writes a little more clearly that this vulnerability allows the files contained in any specified directory on your system to be deleted if you click on a specially-formed URL. He points to Gibson Research here, where they warn, "This URL could appear anywhere: sent in malicious eMail, in a chat room, in a newsgroup posting, on a malicious web page, or even executed when your computer merely visits a malicious web page. It is likely to be widely exploited soon."
This is a critical vulnerability and one Microsoft has done its best to keep secret, it seems.
Another reader tells us he saw a report on TechTV, the background to which they give here where they state that Microsoft has known about the flaw for some 11 weeks but kept the lid on it because it is so easy to exploit.
Microsoft urges Windows XP users to download the Service Pack and install it as quickly as possible. You can find that here . It's a large file, though, and CD versions are only available on the US and Canada at the moment, according to Microsoft.
The advice from various sources for users unable to install the Service Pack is to find and rename the affected file uplddrvinfo.htm. µ
LOL! I downloaded SP1 for XP pro, and now my computer reboots whenever it want's to. It's done it 3 times today so far.
|What a surprise, a Microsoft product with security flaws! < /sarcasm>|
Yes, I switched, and I'm a much happier computer user now.
Don't you also need my mother's maiden name...to generate by new security key?
...I know, I know, but I've never seen a mac in any (about 20-30) corporate finance/accounting settings since an old Classic was used as a foot rest back in 1993. I'll change when they change, I gotta eat.
Only took my system 2.5 hours to download and install on a 10 MB net connection.
For those of you running Windows 9x (Windows 95/98) he has a very good trick to significantly increase you on line security.
Excerpt from the site on this subject (95/98 security):
Discipline your network bindings in the privacy of your own home.
Microsoft's networking technology is only required for sharing files and printer services with other Microsoft-based PC's. It is not needed for connecting to the Internet or for using any Internet services. Using it in wide area networking (WAN - like the Internet) situations, dramatically lowers your security by divulging information about you and your computer, exposing Microsoft's weak password protection system to password crackers over the Internet, bringing your machine to the attention of Internet scanners and intruders and making you a target for attack.
When going through the process, if you do, print out the instructions, read through them once. Don't be intimidated. It is very step by step. Then have the instructions next to you as you work through the changes.
Good for you! I installed Jaguar on my work Mac and haven't shut it down or rebooted it since. Sixteen days, 6 hours and 53 minutes of uptime so far and I run all kinds of alpha and beta quality software for work. Flawless performance. As a bonus, Apple gave me a cool program yesterday called, iCal. A really nice calendar application--for free!
Too bad that was 2.4 hours more than the hacker needed to steal data off your hard drive! :P
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.