About | Buy Stuff | News | Products | Rants | Search | Security | Social
Home » News » Roundups

SP2: The Other Shoe

20 August 2004 19:52 UTC
Barely hours after users started securing their PCs with Windows XP Service Pack 2, security experts have found ways around it.

Discoveries by security firms Secunia and German Heise show that holes have been left open in Windows XP Service Pack 2.

Malicious programs can hide as images and automatically install and run when Windows is restarted.

All these exploits work with Windows XP Service Pack 2.

Heise found that the selfsame program Microsoft wrote to warn users of running untrusted files can itself be subverted: it is possible to run files downloaded off the Internet without users being warned of what is happening.

Representatives of Microsoft who Heise contacted claimed they didn't need to fix the Service Pack 2 code for the flaw [sic].

Microsoft have otherwise already released a first bug-fix for Windows XP Service Pack 2.


Flaws in SP2 security features
http://heise.de/security/artikel/50051


MSIE Drag-Drop Vulnerability
http://secunia.com/advisories/12321


A Matter of Trust (by Jürgen Schmidt)
http://radsoft.net/resources/rants/20040820,00.html

About | Buy | News | Products | Rants | Search | Security
Copyright © Radsoft. All rights reserved.