CRITICAL FLAW in Windows XP

[Greg Hess]

Hey guys,

 

I don't usually double post, but this is one hella of a flaw.

 

http://cgi.techtv.com/mediamodule?action=view_video&seen_ad=true&video_src:(

thescreensavers/2002/ss020909c&vidsection=3200042&video_speed=165&video_form

at=asf&version=20020910095425

 

This will occur only with the windows xp kernal, but basically it allows a webpage access to drive level commands, such as copy, delete, deltree, etc. Basically by clicking or browsing a html email, you could have your entire windows directory wiped out, with the inability to use Windows XP after a reboot, resulting in the need to reinstall the entire system.

 

This flaw is solved in Windows XP SP1, so I suggest patching ASAP if you haven't already.

[nisus]

damn!

[HeDaCoM]

yeahhhh DAMN !!!!!!!

I renamed the file uplddrvinfo.htm and now it's ok. but I tried to verify this and it's true ! It erases everything ! no it's ok.. so please erase or rename that file ! it's not needed. it's for the help center of xp.

 

look here for more info..

http://www.theregister.co.uk/content/4/27074.html

 

what is that of giving Bill Gates remote root privileges ?!?!? is that true installing SP1 ???

come on. let's move everyone into linux. hehe. any good rendering package in linux?

 

>from that page:

To get rid of the vulnerability, you have two choices. You can install XP's new SP1, which will give Billg remote root privileges on your box by virtue of his new, Trojan EULA (and silently re-enable some services you may have disabled like 'automatic update'); or you can just go to C:\Windows\PCHEALTH\HELPCTR\SYSTEM\DFS\ and find the file uplddrvinfo.htm. This you can simply delete or rename. But beware of installing MS patches later on: these have a funny tendency to restore files and settings outside their immediate purview, back to Redmond defaults.