Re: what do we make of this........
From: Alex (alex@lok.com)Date: 09/11/02
- Previous message: Chris Berry: "Re: IE 6.0 SP1 and Alexa Ad-ware"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Alex" <alex@lok.com> To: security-basics@lists.securityfocus.com Date: Wed, 11 Sep 2002 01:23:25 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi list,
I've been lurking here for a couple months now, and you guys have taught me a lot.
Regarding this XP vulnerability: Last night on TechTV's show the Screensavers they talked about this exact problem. Here is a snippet (http://www.techtv.com/screensavers/shownotes/story/0,24330,3398516,00.html) from their site:
- -------------
As mentioned earlier in the show, Microsoft released a service pack for Windows XP. It fixes a serious security hole that Microsoft has known about for more than 11 weeks.
The security hole involves Windows XP help. The hole lets anyone put a link on a website that can wipe out certain hard-drive directories.
If, for whatever reason, you don't or can't download the service pack, there is an alternative. There's a file you can rename or delete to fix the security hole. Here are the steps:
1. Perform a search for a file on your C drive called uplddrvinfo.htm.
2. Once you've found the file, delete it or rename it. Doing so will not hinder your ability to use Windows XP.
For more information about the security hole, visit Gibson Research.
- --------
So, for those that don't have access to a fast connection, this is a quick workaround for the problem.
Alex
>
> from http://grc.com/default.htm
>
> Attention Windows XP Users
>
> A little-known but critical vulnerability exists in Windows XP.
>
> It has recently been repaired in Service Pack 1.
>
> This vulnerability allows the files contained in any specified
>directory on your system to be deleted if you click on a specially
>formed URL. This URL could appear anywhere: sent in malicious eMail,
>in a chat room, in a newsgroup posting, on a malicious web page,
>or even executed when your computer merely visits a malicious web
>page. It is likely to be widely exploited soon.
>
> This vulnerability is so dangerous that it would be irresponsible
>for me to say more. Microsoft has known of this problem for months
>and has, inexplicably, done nothing before now. Although XP's Service
>Pack 1 is not small (approx 30 MB for express installation or 140
>MB for the network install), and even though a much quicker and
>easier solution to this problem exists, the only thing I can safely
>recommend (without revealing too much) is to urge all XP users to
>somehow obtain and install Service Pack 1 immediately. (If you
>have a slow Internet connection, perhaps a friend can download the
>executable Service Pack file and burn it onto a CD for you?)
>
> This problem does not affect any systems other than Windows XP. If
>you have any friends or co-workers running Windows XP, please
>urge them to update their systems' too. Once the details of this
>vulnerability have leaked through other channels I will provide
>additional information.
>
>
>
***** BEGIN SIGNED HEADER INFORMATION *****
A copy of the relevant headers has been
placed into this section for verification
by digital signature.
Message sent at Wed Sep 11 01:23:24 2002
From -- "Alex" <alex@lok.com>
Subject -- Re: what do we make of this........
To -- security-basics@lists.securityfocus.com
cc -- cteodorski@ppg.com
***** END SIGNED HEADER INFORMATION *****
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (OpenBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE9ftNMurCWxq4GrBwRAkJxAKCC4zGRK1k5ldqCBd0Ut8EGD7/lswCfQJwN
xdzVueeD8a0SiGl8gGvM+Yo=
=+pf5
-----END PGP SIGNATURE-----
- Previous message: Chris Berry: "Re: IE 6.0 SP1 and Alexa Ad-ware"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
