[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <A602E8773F5D4A4B88488E0579709C4FF3F1@phy-nas-exc.corp.phyve.com>
From: Paul.Tinsley at phyve.com (Paul Tinsley)
Subject: XP security hole uplddrvinfo.htm
Sorry if this has already been posted but I was made aware of a rather
ugly security hole in Windows XP.
Excerpt from Gibson Research (http://grc.com/default.htm)
Attention Windows XP Users
A little-known but critical vulnerability exists in Windows XP.
It has recently been repaired in Service Pack 1.
This vulnerability allows the files contained in any specified directory
on your system to be deleted if you click on a specially formed URL.
This URL could appear anywhere: sent in malicious eMail, in a chat room,
in a newsgroup posting, on a malicious web page, or even executed when
your computer merely visits a malicious web page. It is likely to be
widely exploited soon.
This vulnerability is so dangerous that it would be irresponsible for me
to say more. Microsoft has known of this problem for months and has,
inexplicably, done nothing before now. Although XP's Service Pack 1 is
not small (approx 30 MB for express installation or 140 MB for the
network install), and even though a much quicker and easier solution to
this problem exists, the only thing I can safely recommend (without
revealing too much) is to urge all XP users to somehow obtain and
install Service Pack 1 immediately. (If you have a slow Internet
connection, perhaps a friend can download the executable Service Pack
file and burn it onto a CD for you?)
This problem does not affect any systems other than Windows XP. If you
have any friends or co-workers running Windows XP, please urge them to
update their systems' too. Once the details of this vulnerability have
leaked through other channels I will provide additional information.
Stopgap solution found on Screen Savers website
(http://www.techtv.com/screensavers/shownotes/story/0,24330,3398516,00.h
tml)
If, for whatever reason, you don't or can't download the service pack,
there is an alternative. There's a file you can rename or delete to fix
the security hole. Here are the steps:
Perform a search for a file on your C drive called "uplddrvinfo.htm."
Once you've found the file, delete it or rename it. Doing so will not
hinder your ability to use Windows XP.
Powered by blists - more mailing lists