Security Vulnerabilities Discovered in WinXP SP2

SoTuA writes "Few months after SP2 hit windowsupdate.com, Finjan Software reports that security flaws have been found in WinXP SP2, including malicous code execution without user intervention. Finjian has turned over the findings, along with proof-of-concept, to Microsoft."

So surprising....

[SlayerofGods]

At what point does a story become so routine that it no longer counts as news?

As usual, working and playing well with others....

[originalhack]

Step 1: Be polite to Microsoft:

Finjan has notified Microsoft of the vulnerabilities and has shared all relevant technical details with the company.

Step 2: Be polite to Microsoft:

Per its usual policy, Finjan has no plans to go public with details of the flaws until Microsoft has patches available for them.

Step 3: Reap benefits of being polite to Microsoft:

"Our early analysis indicates that Finjan's claims are potentially misleading and possibly erroneous regarding the breadth and severity of the alleged vulnerabilities in Windows XP SP2," the Microsoft statement said.

Does this apply to firefox?

[broothal]

What they said: By exploiting all vulnerabilities discovered in SP2 by Finjan, attackers can silently and remotely take over an SP2 machine when the user simply browses a Web page"

What they meant: By exploiting all vulnerabilities discovered in SP2 by Finjan, attackers can silently and remotely take over an SP2 machine when the user simply browses a Web page with Internet Explorer

Re:Not supprising

[BeerAndLoathing]

Security holes being found isn't usually the issue with microsoft though, it's how long it takes for fixes to arrive.

Re:Not supprising

XP does not come with an SQL server. XP does not come with a PDF viewer. XP does not come with an IRC client. XP does not come with a proxy server. Seeing a pattern here?

Windows needs a rewrite

[linguae]

I believe that with Linux's usability improving each and every year, and Mac OS X's increasing appeal to computer users, sooner or later, Microsoft will be in deep trouble. No OS is completely secure, but Linux and Mac OS X doesn't suffer from the one main problem that faces Windows security: the integration of web browsers (Internet Exploder), media players (Windows Media Player), and e-mail clients (Outlook Express). Windows has a lot of other security issues too, due to huge amounts of legacy code, a horrible system of user management (why must a user be logged in as Administrator to play a game?), insecure services running, and more.

Windows needs a rewrite. The kernel is fine, but there should be a new set of APIs (get rid of legacy stuff), a better command line (with the option of booting into it), disintegration of IE, WMA, and OE (make them separate programs that can be uninstalled), better user management (similar to Unix's user management), and finally, a secure "blue box" that runs "classic" Win32 and Win16 programs (similar to Mac OS X's classic mode). If Microsoft does this, they'll finally have a secure and stable OS, and who knows, I might even recommend Windows to users. But until then, I'm sticking with FreeBSD.

Re:Not supprising

[NemoX]

Windows in an O/S. You just listed 14 vulnerabilities for Applications that just happen to be packaged with RH O/S. Only ONE of above HAVE to be installed to run RH. Whereas, Windows and it's packaged applications, you have no choice but to suck it up when one of it's applications has a flaw, as you cannot uninstall them if something is a serious security threat. I am not saying that any Linux distro, or any O/S for that matter, doesn't have security issues, because they all do, but get better educated before spewing forth you're Linux bashing.

"Please step away from the gun, you are not authorized to use it."