Slashdot Mirror


WinXP Security Flaw

Many readers have submitted word of the newest security hole in Windows XP. joshjs, for instance, writes: "Don't know if this is common knowledge at this point or not, but apparently some security researchers discovered that Windows XP's universal plug and play features contain a huge security flaw: 'A Microsoft official acknowledged that the risk to consumers was unprecedented because the glitches allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet. ... Microsoft made available on its Web site a free fix for both home and professional editions of Windows XP and forcefully urged consumers to install it immediately.' Read more at the Washington Post's story." No OS is perfectly secure, but I bet a lot of new XP owners won't be too happy about this. Update: 12/20 20:05 GMT by T : fcrick submits a link to the same AP story at Wired, and several readers have pointed out that a patch is available. Update: 12/20 21:31 GMT by T : And as banuaba writes: "This hole also affects versions of 98 with XP File sharing installed and all versions of ME."

30 of 628 comments

  1. PNP by _typo · · Score: 5, Funny
    This gives "Plug and Pray" a whole new meaning.

    Plug your XP box to the internet and pray for the hackers not to find it.

    --

    Pedro Côrte-Real.

    1. Re:PNP by DA_MAN_DA_MYTH · · Score: 3, Funny

      If your prayers are not answered PNP should be changed to PNLSEP:

      Plug and Let Someone Else Play.

      --
      "It takes many nails to build a crib, but one screw to fill it."
  2. This feature courtesy of al_quesadia? by sunking7 · · Score: 1, Funny

    Was this what they were suggesting they'd done to compromise XP?

  3. Well.. by Arcanix · · Score: 5, Funny

    It's not really Microsoft's fault, if this guy would've stayed quiet then WinXP would still be secure today.

  4. but Microsoft gets it now - by bourne · · Score: 5, Funny

    "Oh, you wanted a DOOR to hang that lock on.... Sure, I guess we could do that..."

  5. Heh by Auckerman · · Score: 5, Funny

    "This is the first network-based, remote compromise that I'm aware of for Windows desktop systems," said Scott Culp, manager of Microsoft's security response center."

    This speaks for itself

    --

    Burn Hollywood Burn
  6. Re:First security hole? by coolgeek · · Score: 5, Funny

    "What rock has he been smoking" is perhaps more appropriate.

    --

    cat /dev/null >sig
  7. It's time for new marketing... by freerangegeek · · Score: 3, Funny

    It's so neat to see "Intel Inside" and "Windows" stickers on all these nice software boxes. With Microsoft's new dedication to security, I'm thinking it's time we print up some nice "RedCode Enabled" or "Nimda Friendly" stickers. Then all anyone needs to do is make a visit to the local computer outlet to upgrade the Windows OS boxes they have out on the shelves to buy.

    When the big virus/worm/... that exploits this hole is announced, maybe we can print up stickers to apply to all those nice shiny new XP boxes.

  8. but what about the Internet Connection Firewall??? by kryzx · · Score: 5, Funny
    Here's a little gem from the MS XP site

    Now Windows XP offers strong security to home computer users through Internet Connection Firewall protection, which makes your information, computers, and family data safer from intruders as soon as you start using Windows XP.

    I guess that helped a lot.

    --
    "I don't know half of you half as well as I should like, and I like less than half of you half as well as you deserve."
  9. Shit, I thought it was a feature.... by 2Bits · · Score: 3, Funny
    Man, when I found two weeks ago that I can remotely control my XP machine and appliances, I thought: "Yeah, finally, something from MS that is useful". When I do tech support, I don't have to go to the user's cubicle anymore, I can just remotely fix the problem.

    And now, this is a security hole. Man, nowadays, you can't know for sure if it's a bug or a feature anymore.

  10. Re:First security hole? by Cato the Elder · · Score: 3, Funny

    It's all in the spin...

    "desktop system" means not running any servers

    "compromise" doesn't include DoS (ping of death, etc)

    "remote" apparently means the user doesn't have to do anything. I mean, come on, when you try to read your mail with Outlook Express, everyone knows that your system is as good as cracked already.

    I have no idea why he used the phrase 'network-based, remote'. Is there some other remote way of talking to Microsoft computers? Some radio signal you can send that instantly gives you full access?

  11. Reset the slogan timer again by Waffle Iron · · Score: 5, Funny

    "Over four hours without a remote hole in the default install!"

  12. Re:Bug counter on the web by Wee · · Score: 3, Funny
    Is there any MS Windows XP bug counter on the web

    Here's how the MS build team could find out:

    #!/bin/sh
    cd win32/src
    # Command substitution so the wc total is printed, not the literal command text
    echo "Bugs found: $(wc -l ./*.h ./*.cpp | grep total)"

    Just pipe that out to some place where a web server could get to it and you have numbers.

    They have shell on Win32, right? Or maybe they build on *nix... :-)

    -B

    --

    Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.

  13. You gotta love it... by BadDoggie · · Score: 5, Funny
    I know I do. "Hackers" can seize control if people connect to the Net. MS makes a free fix[1] available on their Web site. Like, through the Net. So eXPendable users are basically forced to play Russian Roulette when they get on-line.

    Oh the fun you could have with BackOrificeXP right now... User tries to get patch, Evil haX0r-d00d shoots out a pop-up and mp3: a little Strauss music and a MsgBox reading, "I don't think I can let you do that, Dave."

    woof.

    [1] As opposed to that Win95 "fix" they called Win98 that you had to pay for.

    How do you forcefully urge people?

  14. Microsoft has come out with a new book recently... by jkujawa · · Score: 4, Funny

    Along similar lines of "Writing Solid Code".

    Wait for it, wait for it...

    "Writing Secure Code"

  15. This should not surprise you. by foxtrot · · Score: 3, Funny

    Haven't you seen the commercials? A huge multi-media advertising blitz to tell us all that _Everything_ is easier in XP.

    -JDF

  16. isn't the amount of time it takes to fix this... by night_flyer · · Score: 3, Funny

    about the same amount of time that MicroSoft said that installing XP would save?

    --


    Thanks to file sharing, I purchase more CDs
    Thanks to the RIAA, I buy them used...
  17. maturity by geekoid · · Score: 3, Funny

    XP is an immature OS. There are going to be tons of problems, just like any other new OS.
    Why a company would switch to ANY OS that is less than 3 years old is beyond me.

    --
    The Kruger Dunning explains most posts on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  18. Re:First security hole? by sharkey · · Score: 2, Funny

    "remote" apparently means the user doesn't have to do anything.

    Well, with Windows 95, you don't have to do anything. Just wait, and it'll go down by itself.

    --
    "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
  19. Re:but what about the Internet Connection Firewall by Black Parrot · · Score: 2, Funny

    > Here's a little gem from the MS XP site [microsoft.com]
    > Now Windows XP offers strong security to home computer users through Internet Connection Firewall protection, which makes your information, computers, and family data safer from intruders as soon as you start using Windows XP.

    That's a typo. It's supposed to say "makes your information safer for intruders as soon as you start using Windows XP."
    --
    Sheesh, evil *and* a jerk. -- Jade
  20. Apply the patch. Oh THAT'll work by Unknown Bovine Group · · Score: 2, Funny
    We all remember how diligent MS OS users are about security patches
    **cough** code-red **cough**

    --
    m00.
  21. Re:but what about the Internet Connection Firewall by sharkey · · Score: 3, Funny

    ...safer from intruders as soon as you start using Windows XP

    But is it faster and more fun? I'm still waiting for that promised Windows 95 feature to be implemented in ANY version of Windows.

    --
    "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
  22. Wow.. by Anonymous Coward · · Score: 1, Funny

    I wish^H^H^H^H COULD have a Beowulf cluster of those.

  23. Re:Kinda serious? by Anonymous Coward · · Score: 1, Funny

    I heard a lot of Nazi soldiers lost their jobs after WW2...

  24. Re:Kinda serious? by ethereal · · Score: 2, Funny

    Hey, they're all supposed to be such geniuses - think what the software industry would be like if they were spread around a bit and actually using their enormous bulging crania for good rather than evil. If they're as smart as they keep telling us they are, they won't be unemployed for long.

    --

    Your right to not believe: Americans United for Separation of Church and

  25. well, that's a surprise by markj02 · · Score: 1, Funny

    Who would have thought. A security flaw in Windows XP. Related to UPNP. What will they think of next.

  26. Re:Microsoft info by thrig · · Score: 5, Funny

    And the "XP Dramatically More Secure" article from a few months ago:

    http://www.eweek.com/article/0,3658,s%253D701%2526 a%253D16895,00.asp

    Quoting Jim Allchin is fun:

    Windows XP is dramatically more secure than Windows 2000 or any of the prior systems. Buffer overflow has been one of the attacks frequently used on the Internet. We have gone through all code and, in an automated way, found places where there could be buffer overflow, and those have been removed in Windows XP.

    D'oh...

  27. The speed of reporting in other media by eyeball · · Score: 3, Funny

    Ha! I heard this on AM radio before I heard it on Slashdot.

    --

    _______
    2B1ASK1
  28. Re:Microsoft info by calags · · Score: 2, Funny

    I don't know about "more secure" but this is certainly dramatic :)

    --
    Never attribute to stupidity what can be construed as a monopoly preservation tactic.
  29. Re:Plug & Play port 5000 (correction) by Brummund · · Score: 3, Funny

    Well, who needs FBI's "Magic lantern" when Bill is already sitting in the box, operating his full stadium light show at port 1900 ?

    :-)