Windows XP SP2 features security crater

Professur

Well-Known Member
Windows XP Service Pack 2 has a flaw that gives users a false sense of security - quite literally. One report describes the security hole as a 'crater'. The vulnerability lies in the web systems management interface (WBEM), which allows downloadable code to spoof firewall status information.

source


Ah, shit, here we go again.
 

Professur

Well-Known Member
The first new vulnerability affecting Internet Explorer on Windows XP with SP2 has been discovered

The vulnerability allows malicious websites to place an executable file in a user's start-up folder when a user drags or clicks on a program masqueraded as an image. http-equiv of malware.com, a so-called White Hat hacker, has posted a sample exploit which demonstrates security weaknesses in the drag and drop function of IE that give rise to the exploit.

source
 

Gonz

molṑn labé
Staff member
or they (we) prefer it to nutscrape or any of its 50 gazillion imitators.
 

Professur

Well-Known Member
MICROSOFT HAS ISSUED a Knowledge Base article which says that if you install Windows XP SP2 on a machine with an AMD 64-bit chip your computer may repeatedly re-start.
The workaround, said Microsoft, is to remove Windows XP SP2 from your computer. The problem happens if you install hardware that uses the mpegport.sys, you've got an AMD 64 bit chip, and you've enforced the NX flag, also known as no execute protection, on a machine.

You may also be able to configure what Microsoft dubs a DEP exception to get round the problem.

The mpegport.sys driver tries to write data to a memory location that's protected by DEP.

So let's get this right. You buy an AMD64 machine because you want the extra protection the NX feature will give you.

That causes your machine to repeatedly re-start. So you have to remove SP2 which supports this nifty AMD feature.

source
 

Mirlyn

Well-Known Member
So I heard something second hand the other day, take it as lightly and with as many grains of salt as needed.

A former MS programmer works a floor above me. Used to be on the network filesystem team. I guess MS hasn't touched the TCP/IP stack since NT3.51 with the exception of some random hooks to tie stuff like RPC and PnP to. This is an inherent security risk, as the firewall code which Windows uses attaches to these hooks, which forces the entire stack to be completely up before the firewall code can start. This means the average computer is unprotected for 30-60 seconds on boot, more than enough time during a virus outbreak. Well, I guess MS finally decided to rework the stack to better integrate the firewall and other stuff, and removed lots of these so-called hooks. Same hooks Windows used, and thus the same hooks many, many network-based programs use, hence the delayed official public release of it (to allow businesses to rewrite network stuff, if needed and offer patches).

I'm not going to begin the testing process on any of my or my clients' machines until at least two weeks after it hits winupdate for everyone.

In the meantime, 2.4.27 was released and I'm staying busy with that. :D
 