Slashdot Mirror


WinXP Security Flaw

Many readers have submitted word of the newest security hole in Windows XP. joshjs, for instance, writes: "Don't know if this is common knowledge at this point or not, but apparently some security researchers discovered that Windows XP's universal plug and play features contain a huge security flaw: 'A Microsoft official acknowledged that the risk to consumers was unprecedented because the glitches allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet. ... Microsoft made available on its Web site a free fix for both home and professional editions of Windows XP and forcefully urged consumers to install it immediately.' Read more at the Washington Post's story." No OS is perfectly secure, but I bet a lot of new XP owners won't be too happy about this.

Update: 12/20 20:05 GMT by T: fcrick submits a link to the same AP story at Wired, and several readers have pointed out that a patch is available.

Update: 12/20 21:31 GMT by T: And as banuaba writes: "This hole also affects versions of 98 with XP File sharing installed and all versions of ME."

10 of 628 comments

  1. PNP by _typo · · Score: 5, Funny
    This gives "Plug and Pray" a whole new meaning.

    Plug your XP box to the internet and pray for the hackers not to find it.

    --

    Pedro Côrte-Real.

  2. Well.. by Arcanix · · Score: 5, Funny

    It's not really Microsoft's fault, if this guy would've stayed quiet then WinXP would still be secure today.

  3. but Microsoft gets it now - by bourne · · Score: 5, Funny

    "Oh, you wanted a DOOR to hang that lock on.... Sure, I guess we could do that..."

  4. Heh by Auckerman · · Score: 5, Funny

    "This is the first network-based, remote compromise that I'm aware of for Windows desktop systems," said Scott Culp, manager of Microsoft's security response center."

    This speaks for itself

    --

    Burn Hollywood Burn
  5. Re:First security hole? by coolgeek · · Score: 5, Funny

    "What rock has he been smoking" is perhaps more appropriate.

    --

    cat /dev/null >sig
  6. but what about the Internet Connection Firewall??? by kryzx · · Score: 5, Funny
    Here's a little gem from the MS XP site

    Now Windows XP offers strong security to home computer users through Internet Connection Firewall protection, which makes your information, computers, and family data safer from intruders as soon as you start using Windows XP.

    I guess that helped a lot.

    --
    "I don't know half of you half as well as I should like, and I like less than half of you half as well as you deserve."
  7. Reset the slogan timer again by Waffle+Iron · · Score: 5, Funny

    "Over four hours without a remote hole in the default install!"

  8. You gotta love it... by BadDoggie · · Score: 5, Funny
    I know I do. "Hackers" can seize control if people connect to the Net. MS makes a free fix[1] available on their Web site. Like, through the Net. So eXPendable users are basically forced to play Russian Roulette when they get on-line.

    Oh the fun you could have with BackOrificeXP right now... User tries to get patch, Evil haX0r-d00d shoots out a pop-up and mp3: a little Strauss music and a MsgBox reading, "I don't think I can let you do that, Dave."

    woof.

    [1] As opposed to that Win95 "fix" they called Win98 that you had to pay for.

    How do you forcefully urge people?

  9. Microsoft has come out with a new book recently... by jkujawa · · Score: 4, Funny

    Along similar lines of "Writing Solid Code".

    Wait for it, wait for it...

    "Writing Secure Code"

  10. Re:Microsoft info by thrig · · Score: 5, Funny

    And the "XP Dramatically More Secure" article from a few months ago:

    http://www.eweek.com/article/0,3658,s%253D701%2526a%253D16895,00.asp

    Quoting Jim Allchin is fun:

    Windows XP is dramatically more secure than Windows 2000 or any of the prior systems. Buffer overflow has been one of the attacks frequently used on the Internet. We have gone through all code and, in an automated way, found places where there could be buffer overflow, and those have been removed in Windows XP.

    D'oh...