Slashdot Mirror


Security Vulnerabilities Discovered in WinXP SP2

SoTuA writes "A few months after SP2 hit windowsupdate.com, Finjan Software reports that security flaws have been found in WinXP SP2, including malicious code execution without user intervention. Finjan has turned over the findings, along with proof-of-concept, to Microsoft."

14 of 343 comments

  1. Well, users can... by Anonymous Coward · · Score: 5, Funny

    Just upgrade to Windows XP SP2.

    Oh... wait...

  2. Then Billy Gates.... by Anonymous Coward · · Score: 5, Funny

    waves his hand mysteriously and says "These are not the exploits you are looking for."

  3. Love the article by the_Bionic_lemming · · Score: 5, Funny

    "Browsing a web page" can cause you to lose the machine to a malicious hacker.

    What - they just discovered Gator?

    --
    _ _ _ Go for the eyes Boo! GO FOR THE EYES!
  4. Who'd have thought it by TykeClone · · Score: 5, Funny

    Security vulnerabilities in a 250MB update? Never would have guessed!

    --
    A fine is a tax you pay for doing wrong and a tax is a fine you pay for doing all right.
  5. Hmm... by northcat · · Score: 5, Funny

    "Security vulnerability discovered in Windows" has become as common as "Britney Spears gets married".

    1. Re:Hmm... by The-Bus · · Score: 5, Funny

      I know. I'm getting tired of hearing about the same insecure, overrated, virus-filled, money-hungry useless piece of crap without any redeeming qualities.

      I'm sure I'll get tired of hearing about Microsoft too.

      --

      Small potatoes make the steak look bigger.

  6. ...and Clippy sez... by mangu · · Score: 5, Funny

    "I see you are looking for an exploit..."

    1. Re:...and Clippy sez... by Neil Blender · · Score: 5, Funny

      "I see you are looking for an exploit..."

      And Open Office sez: Hey, hey, I'm a lightbulb!! Lower right hand corner? HELLO? LIGHTBULB HERE! That means I have an idea to make your life better...HEY LOOK AT ME! HAHA preferences - they mean nothing. Just try and turn me off! YOU CAN'T! Oh, let me capitalize that first letter for you in your spreadsheet. WHAT? You don't like that? Preferences you say? Perhaps you didn't hear me the first time.

  7. Re:So surprising.... by RealProgrammer · · Score: 5, Funny
    • At what point does a story become so routine that it no longer counts as news?

    When it doesn't get any comments.

    --
    sigs, as if you care.
  8. What? by Lisandro · · Score: 5, Funny

    It's that time of the month already?

  9. Exploit code sample by Ingolfke · · Score: 5, Funny
    This is another example of Microsoft offering too much in the WinAPI without doing adequate security checking. The exploit utilizes a function in VBScript, unique to IE, intended for system administration scripts. A sample is provided below.
    'Sample will provide a handle back to the local box. The object provides several methods for manipulating the box.
    <script language="vbscript">
    objMyBox = TakeOverXPBoxen(me)
    objMyBox.RunArbitraryCode("...")
    </script>
    What is really concerning is that the 'TakeOverXPBoxen' function accepts hostname or IP address strings.

    I hate to rant, but this type of poor security checking is pathetic. Surely they should have known that all they would have needed to do was check the evil bit on the remote transfers to see if the data was safe or not. Someone in the OS community would have done this.

    You do have to hand it to Microsoft though, the code is very easy to implement and quite elegant if you ask me.
  10. Good work by TheRealFixer · · Score: 4, Funny

    I have to hand it to Microsoft. I remember all those virus hoaxes I used to get in my email. "Don't even open this email or you'll get a virus!" "Don't look at this image, or your machine will get hacked!" "Don't visit this web page, or your drive will get formatted!" And I used to think, "Gee, why *can't* I hose my machine by doing those things? That sounds like it would be so cool to see!"

    Well, thanks to Microsoft and their brilliant innovation, tireless effort, and boundless resources, they finally made all those mid-to-late-90s virus hoaxes a reality. I raise my glass to them.

  11. It's all clear now by HangingChad · · Score: 4, Funny
    1. Sell buggy insecure software
    2. Sell still more software to make the original software marginally safe
    3. Profit!!!!
    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
  12. Please don't post these stories on the weekend by Edmund Blackadder · · Score: 5, Funny

    Dear Slashdot.

    Why must you post these stories on the weekend? You have just ruined the Saturday of the whole MS marketing department. Now every one of them has to cancel their plans, log on Slashdot and start making posts about how "no OS is secure" and "it is all the users' fault" and "these guys are just trying to scare up some business". And the ever favourite "if Linux was that popular it would have just as many security flaws".

    Well that is their job and they do it well, but why must you force them to do it on the weekend? Why can't they be with their families? Even marketoids have lives (I hear).