I know this is kind of an old issue here, but i found this in my mailbox tonight (dated 10/16) and need to vent a little.

******************
Microsoft Security Bulletin MS02-060: Flaw in Windows XP Help and Support Center Could Enable File Deletion (Q328940)

Title: Flaw in Windows XP Help and Support Center Could Enable
File Deletion (Q328940)
Date: 16 October 2002
Software: Microsoft Windows XP
Impact: Delete files on the user's system
Max Risk: Moderate
Bulletin: MS02-060
******************

DID YOU catch thAT, "Max Risk: Moderate" this flaw can delete everthing in the windows directory or anything else for that matter and they have the nerve to say the risk is moderate !?! Who in hell do they think their sending these bullitens too?


Hes the best part:

******************
A security vulnerability is present in the Windows XP version of Help
and Support Center, and results because a file intended only for use
by the system is instead available for use by any web page. The
purpose of the file is to enable anonymous upload of hardware
information, with the user's permission, so that Microsoft can
evaluate which devices users are not currently finding device drivers
for. This information is then used to work with hardware vendors and
device teams to improve the quality and quantity of drivers available
in Windows. By design, after attempting to upload an XML file
containing the hardware information, the system deletes it.
******************

This gaping hole is caused by MS-SPYWARE! They can say anything they want to cover up their theiving asses, its still the same kind of lines doubleclick uses.

You might wonder why i call them theives (like everybody dosn't). if im paying for an internet connection and they take it upon themselves to use the service that i pay for to conduct their business on, thats called theft of services.