Slashdot Mirror

← Back to Stories (view on slashdot.org)

WinXP Security Flaw

Posted by ryuzaki0 on from the can-root-my-dad's-new-laptop dept.

Many readers have submitted word of the newest security hole in Windows XP. joshjs, for instance, writes: "Don't know if this is common knowledge at this point or not, but apparently some security researchers discovered that Windows XP's universal plug and play features contain a huge security flaw: 'A Microsoft official acknowledged that the risk to consumers was unprecedented because the glitches allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet. ... Microsoft made available on its Web site a free fix for both home and professional editions of Windows XP and forcefully urged consumers to install it immediately.' Read more at the Washington Post's story." No OS is perfectly secure, but I bet a lot of new XP owners won't be too happy about this. Update: 12/20 20:05 GMT by T : fcrick submits a link to the same AP story at Wired, and several readers have pointed out that a patch is available. Update: 12/20 21:31 GMT by T : And as banuaba writes: "This hole also affects versions of 98 with XP File sharing installed and all versions of ME."

5 of 628 comments (clear)

  1. First security hole? by wraithgar · · Score: 2, Troll

    "This is the first network-based, remote compromise that I'm aware of for Windows desktop systems," said Scott Culp..

    HAHAHAHAHAH.. Oh man what rock has he been under?

  2. Bug counter on the web by famazza · · Score: 3, Troll

    Is there any MS Windows XP bug counter on the web? Something like:

    • "1233 bugs registered up to now".

    I think it would be funny, we could also compare with Linux 2.4.x bugs. And maybe we can also have a Score thing, or something like /.

    Any suggestion? Any website that already do this?

    --

    -=-=-=-=
    I know life isn't fair, but why can't it ever be un-fair in MY favor!?
  3. Re:XP Owners by duffbeer703 · · Score: 2, Troll

    You don't own Linux either. It is licensed to you under the GNU General Public License.

    Linux is owned by Linux Tordvals and others.

    --
    Conformity is the jailer of freedom and enemy of growth. -JFK
  4. Not FUD by duffbeer703 · · Score: 2, Troll

    "Linux" the trademark is owned by Linus

    "Linux" the copyright is owned by Linus and others.

    The GPL is a EULA which assigns you specific rights regarding distribution & modification. It is no different legally than a Microsoft, Oracle or IBM license. It's contents are obviously different.

    A copy of the GNU General Public License is available here. Please read it.

    http://www.gnu.org/licenses/gpl.txt

    --
    Conformity is the jailer of freedom and enemy of growth. -JFK
  5. The scariest thing by Anonymous+Brave+Guy · · Score: 2, Troll
    As far as I know, the UPNP feature is brand new, so it shouldn't be based on any existing code base, yet MS programmers are *still* using unsafe commands (presumably) and not doing bounds checking. This is a buffer overflow vulnerability in a new product, for fuck's sake.

    That's almost scarier than the fact that the exploit is there in the first place. Buffer overflows just shouldn't be possible in well-written software. The fact that MS continues to get them betrays the fact that the languages, tools and/or libraries they're using to write these products are not suitable for the job, and that means there could be any number of other problems (security or otherwise) with the same products.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.