Forum Home
Press F1

Thread ID: 48398	2004-08-21 23:45:00	XP SP2 patch already needs fixing	PressF1 User (1065)	Press F1

Post ID	Timestamp	Content	User
264096	2004-08-21 23:45:00	From the UK Register... ----------------------------------------------------------- XP SP2 über patch already needs fixing By John Leyden Published Friday 20th August 2004 10:34 GMT The first new vulnerability affecting Internet Explorer on Windows XP with SP2 has been discovered The vulnerability allows malicious websites to place an executable file in a user's start-up folder when a user drags or clicks on a program masqueraded as an image. http-equiv of malware.com, a so-called White Hat hacker, has posted a sample exploit which demonstrates security weaknesses in the drag and drop function of IE that give rise to the exploit. Even though this demo depends on the user performing a drag and drop event, it might be rewritten so a user need only perform a single click on an image instead, according to security firm Secunia. The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2. Users of IE 5.5 and 5.01 are also affected. Secunia says the "highly critical" vuln could be exploited by attackers to obtain full system access to vulnerable systems. Microsoft has yet to issue a patch, but workarounds are available. Secunia advises users to disable Active Scripting or use an alternative browser to protect themselves from attack. ® -----------------------------------------------------------	PressF1 User (1065)
264097	2004-08-22 22:04:00	This problem was around before SP2 so it doesn't mean you shouldn't install it!!	CYaBro (73)
264098	2004-08-22 22:14:00	He's right, and the funny thing is that a week from now there will be another IE or WinXP SP2 Vulnerability.... Still install SP2! Its worth it for the small enhancements, and it means that (hopefully) we wont ever have a world full of blaster-virus-sharing PC's! Chill.	Chilling_Silence (9)
264099	2004-08-22 23:38:00	just out of interest.. can the blaster worm still do any damage to microsoft?	willie_M (5608)
264100	2004-08-23 10:39:00	Just read the latest IDG anti virus news and a very interesting excrpt on XP sp2 and the programs that wont run after installing. check out this link and note the big and commonly used names in Anti Virus and Firewalls. Myself I will be holding off installing the damn thing till there are more fixes.	dipstick01 (445)
264101	2004-08-23 11:06:00	Yes the blaster worm still can on un-patched boxes. That's why slipstreaming XP SP2 is a good idea :-)	Chilling_Silence (9)
264102	2004-08-23 11:31:00	>That's why slipstreaming XP SP2 is a good idea Why would helping microsoft be good?	willie_M (5608)
264103	2004-08-23 11:52:00	You're helping yourself because otherwise you're the drone and your Internet speeds will crawl and possibly incur massive bandwidth charges depending on your internet plan. If you're against the Microsoft trend, then use another OS, like Linux, Unix, BSD, Solaris, OS/2... Take ya pick ;-)	Chilling_Silence (9)
264104	2004-08-23 14:28:00	a random clip of a story off the internet about the holes in SP2 But, if I’ve read Seltzer correctly, the recipe for the vulnerability’s exploit consists of one part technology, four parts social engineering, and five parts a really dumb user. Says Seltzer, it’s the equivalent of being successfully victimized by an e-mail from your car manufacturer that says "Our records show that the gas tank in your car model tends to collect dirt deposits. To preserve your vehicle warranty, we recommend that you add a cup of ordinary laundry detergent with each tank of gas." He’s got a point.	robsonde (120)
264105	2004-08-23 21:25:00	> "Our records show that the gas tank in your car model > tends to collect dirt deposits. To preserve your > vehicle warranty, we recommend that you add a cup of > ordinary laundry detergent with each tank of gas." Bugger, umm, anyone know a good mechanic :8} Cheers Murray ;P	Murray P (44)
1