September 16th, 2002, 02:20 AM
Win-XP Help Center request wipes your HD
This was sent to me via my local Linux Users Group mailing list and appears to be a serious flaw in WinXP;
From the article:
"A malicious Win-XP Help Center request can easily and silently delete the contents of any directory on your Windows machine, we've learned. Worse, MS has rolled the fix silently into SP1 without making a public announcement."
Read the whole thing at the Register.
Article from Microsoft
Sorry if this has been posted before, I tried a search but for some reason it kept falling over on me here.
September 16th, 2002, 02:33 AM
Yea I posted this when it first came out. It was labeled Crazy XP Sploit. But you had know way of knowing since search doesnt work but oh well . Its a crazy enough exploit to where it needs to be seen again. For those of you interested in the fix for this do a search [if working] for crazy xp sploit or just go to Microsoft Security Discussions and find it on your own. Pretty easy to fix.
Violence breeds violence
we need a world court
not a republican with his hands covered in oil and military hardware lecturing us on world security!
September 16th, 2002, 03:01 AM
Sorry Euclid, I missed that one, but credit where credit is due (after a manual search) here is the link to your post for people to follow:
September 17th, 2002, 01:27 AM
>"A malicious Win-XP Help Center request can easily and silently delete the contents of any directory on your Windows machine, we've learned. Worse, MS has rolled the fix silently into SP1 without making a public announcement."
There is a particular flaw in XP that can, in the event of a user clicking on a certain created 'URL' delete or otherwise destroy the folders SPECIFIED IN THE URL...
M$ did indeed try to hide this exploit, but hey...they had to change the whole code for a section of the XP composite...that's why the Service Pack is at least 30MB.
Don't listen to Linux fanatics or XP fanatics...and use your own head to validate claims.
BTW I run Linux Redhat 7.3 and Win XP on this machine, and have had no problems.
Don't be a weekend analyst...research is always first...
"entia non sunt multiplicanda praeter necessitatem"
"entities should not be multiplied beyond necessity."