| Thread ID: 24391 | 2002-09-10 01:14:00 | Windows XP SP1!! | CYaBro (73) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 77943 | 2002-09-10 01:14:00 | I found this today. Thought I better tell everyone! grc.com |
CYaBro (73) | ||
| 77944 | 2002-09-10 02:05:00 | To save people from unnecessarily following the link to GRC, here's what Steve has to say about Windows XP: Attention Windows XP Users A little-known but critical vulnerability exists in Windows XP. It has recently been repaired in Service Pack 1. This vulnerability allows the files contained in any specified directory on your system to be deleted if you click on a specially formed URL. This URL could appear anywhere: sent in malicious eMail, in a chat room, in a newsgroup posting, on a malicious web page, or even executed when your computer merely visits a malicious web page. It is likely to be widely exploited soon. This vulnerability is so dangerous that it would be irresponsible for me to say more. Microsoft has known of this problem for months and has, inexplicably, done nothing before now. Although XP's Service Pack 1 is not small (approx 30 MB for express installation or 140 MB for the network install), and even though a much quicker and easier solution to this problem exists, the only thing I can safely recommend (without revealing too much) is to urge all XP users to somehow obtain and install Service Pack 1 immediately. (If you have a slow Internet connection, perhaps a friend can download the executable Service Pack file and burn it onto a CD for you?) This problem does not affect any systems other than Windows XP. If you have any friends or co-workers running Windows XP, please urge them to update their systems too. Once the details of this vulnerability have leaked through other channels I will provide additional information. Click here to get Win XP SP1. Mike. |
Mike (15) | ||
| 77945 | 2002-09-10 03:06:00 | http://www.grcsucks.com | BIFF (1) | ||
| 77946 | 2002-09-10 09:47:00 | Well I spotted the link at GRC early this morning and downloaded it. Only problem was having to reinstall my video drivers. NvCpl.dll would not load. |
-=JM=- (16) | ||
| 77947 | 2002-09-10 22:51:00 | If you want instant protection you need only delete: %windir%\PCHEALTH\HELPCTR\System\DFS\uplddrvinfo.htm Steve Gibson ever the showman keeps it mysterious! |
BIFF (1) | ||
| 77948 | 2002-09-10 23:13:00 | www.theregister.co.uk/content/55/27048.html IE 6 SP1 omits fixes for 20 outstanding flaws By John Leyden Posted: 10/09/2002 at 14:57 GMT Researchers have discovered that inadequate security restrictions in Internet Explorer make it possible for an attacker to execute script on any Web page that contains frames. Grey Magic Software describes the vulnerability as critical, a warning backed up by several proof of concept demonstrations. Because of the way frames (and iframes) are handled by IE version 5.5 and above, attackers are able to get to all sorts of mischief with minimal effort, including: * Read local files from the victim's hard drive, using a default local resource (ironically dubbed "PrivacyPolicy") that contains frames in IE * Execute arbitrary programs on the victim's computer, using the woefully misnamed "PrivacyPolicy" resource * Read a victim's cookie and content from any remote site that contains a frame, which can lead to session-stealing and account compromise on sites containing frames - such as Hotmail * Forge the content of any site that contains a frame. For example, the attacker could show the user a fake login screen at hotmail.com and log the results to a database Users of Internet Explorer 5.5 and above are vulnerable to these various exploits with IE 6.0 users particularly vulnerable. Fortunately there is a simple workaround available which involves disabling Active Scripting. Well either that or consider moving to an alternative browser. GreyMagic published its advisory yesterday after discovering the flaw on August 4. Still no word from Microsoft on the issue, a fix for this particular problem doesn't appear in a list of fixes included in Microsoft's release of Service Pack 1 for IE6, which was released today. |
Jim B (153) | ||
| 77949 | 2002-09-10 23:14:00 | But BIFF, Steve Gibson is still correct, SP1 is recommended, and it does correct that problem. Are you trying to tell us not to update XP to SP1? Or are you just on one of those anti-GRC campaigns? Mike. |
Mike (15) | ||
| 77950 | 2002-09-11 00:34:00 | SP1 is a good thing. As is the Hotfix MS had already released to fix the problem (which Steve seems to know nothing about). I was just offering an instant fix for those worried about this bug. Good ol' Steve protecting us from the terrible bug, while giving no credit to Shane Hird who did all the hard work! (as usual) see: cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00224.html |
BIFF (1) | ||
| 77951 | 2002-09-11 06:50:00 | Steve Gibson does seem to know an awful lot but there are some things which don't seem quite right. He seems to love ZA a bit too much. Also, has anyone actually ever been attacked by one of these URLs that can give total control over your PC? |
-=JM=- (16) | ||