Windows XP SP2 flaw complex but dangerous

[prathapml]

Windows XP SP2 flaw complex but dangerous

Source : ZDnet news

Researchers report that Microsoft's XP SP2 is open to a complex combination of previously known exploits 

Security experts have identified a modified exploit that can target computers running Windows XP SP2.

Although the exploit is tricky to perform, it combines two vulnerabilities in Internet Explorer 6 with a series of ActiveX exploits to break security settings in computers running SP2. It runs when a user moves a file or an image from one part of a Web page to another, but in the process the exploit downloads code to machines that circumnavigates Local Computer security settings in SP2.

Researchers at Danish security company Secunia have labelled the vulnerability as "highly critical" because it allows hackers to access local resources and bypass security features in Windows XP SP2.

"This is the most serious vulnerability for SP2 that we have the moment," said Thomas Kristensen. "The problem is that by exploiting this vulnerability in IE it's possible to drag a file into the local security zone and change the settings. On an SP2 system, this shouldn’t be a problem, but it is still possible to bypass the security with an Active X control."

The company pointed out that Windows XP SP2 does not run Active Scripting in the Local Computer zone, but by performing a series of Active X exploits it is possible to bypass those setting in SP2.

"It's a series of events you have to perform before you are able to bypass security settings," said Kristensen. "It is complicated. But they are several minor issues that can be compromised so it's possible to circumnavigate the security settings."

Kristensen added that SP2 was supposed to tightly lock down the security issues with IE 6, but this was clearly a compromise in it security. He said that the solution was to disable the drag-and-drop or copy-and-paste options on Internet Explorer and set the security level to "high" in the Internet zone.

[tguy]

Yet another reason to stay away from IE. Firefox, Mozilla, Opera all are better.

Be careful when copying quotes from news articles to give credit to the source or they could come after you for plagiarism.

[prathapml]

Be careful when copying quotes from news articles to give credit to the source or they could come after you for plagiarism.

Right. Post edited to give credit to source.

[prathapml]

Hey all, A few thoughts of mine on the above article...

People are seeing all this news about XPSP2 being vulnerable to security holes, and the news about upgrades to SP2 being problematic, and confusing the two. The SP2 upgrade will be fine if you do it correctly, and the SP2 holes exist in previous versions as well. I hate the way in which these news sites write articles - it makes you think, that *ONLY* SP2 is having these problems. Fact is, what they actually mean to say is, these security holes exist in XPSP1 and SP0 as well - its just that SP2 was not perfect enough to fix all the holes. And let me tell you, nothing can possibly be perfect, least of all in the IT sector where ppl have fun in finding vulnerabilities to hack into.

Please spread the reality - its not like

OMG !!!!111

SP2 has so many vulnerabilities!

Windows always had so many vulnerabilities, of which a majority got fixed with SP2. But a few still remain. So if you see these news reports and decide that SP2 is not good enough for you - you got to be an id***. Because SP1 and SP0 is even worse than SP2.

And if you henceforth have problems because of not having upgraded to SP2, its your own headache and you have no right to ask your vendor for support - because what could have saved you known problems has already been rejected by you. Don't be surprised if Customer Support staff give you a one-line response to all your help-calls:

"Upgrade to SP2."

You know what's most funny about the whole "upgrade to SP2" business ?

Much of so-called problems is being experienced and reported and written-about by unlicensed users of XP. Possibly the only losers, is n00b pirates, who weren't able to get through the enhanced checking for authenticity in SP2 - because they are afraid about what might have been embedded into the SP to trap them. And if you have any application that won't work fine with SP2's new security, even then its your mistake - because SP2 was being tested since over a year (were you out mosquito-hunting all that time?). And in that period, you should have either reported bugs and got it fixed, or moved to a new version of your app (or if you use custom software, got it changed/re-coded by the developer).

Bottomline : There's something wrong with you if you use XP and haven't moved to SP2.

[/RANT over]

What do you think?

[Zxian]

I don't necessarily think that upgrading to Service Pack 2 is the be-all-and-end-all of computer solutions, nor should it be the first step in troubleshooting.

I've had my fair share of problems with Service Pack 2, especially with performance issues and wireless configurations and setup. (And I'm no pirate or n00b and I have tried to work with Service Pack 2)

I still think that with the many months of development, Microsoft couldn't have recreated every possible situation that would arise with the functionality of Service Pack 2.

I simply think that Microsoft was trying to catch up with security holes that customers were having to rely on third-party software for. Think about the fact that just now... after a long time of spyware having bothered the internet world... Microsoft is finally thinking about anti-spyware solutions... and they're not even doing it on their own. MS bought up Giant Software Company and is using their software as a platform to use for their own.

I realize that I've put out a number of posts that may seem like I'm "anti-SP2". This is not really the case. All I'm trying to say is that there is no "one fix" in the PC world to the problems with viruses, worms, trojans, spyware, etc etc etc (the list goes on and on). I haven't had any problems with SP1a and NOD32 and Sygate to protect my system. What would be really good for Microsoft to release is a document that people would easily have infront of them to reference when it comes to anti-virus solutions, third-party firewalls, and anti-spyware solutions.

[Martin Zugec]

2prathapml: 100% agreement... I was making SP2 deployment for few hundreds computers and if U follow few recommendations, U wont have any problem:

NEVER install SP2 on running system, if U R not sure the computer is ok. Instead use slipstreamed SP2.

If U R making enterprise deployment, use ACT 4.0 - U will solve a lot of problems before U deploy SP2.

2Zxian:

Ad Wireless - with SP2 I created my wifi network at home - build AP, set client, export to USB and import to other computers... NO problem at all.

Ad performace: SP2 speeded up my computer. It is because during DEP implementation they recompile core system files and find a few security/performace bugs. Also it speeded up my MOF repository (I still dont know why )

Ad antispyware - Microsoft agreed a long time ago that this is the problem. That is why U were able to found on their site recommendation to download&install AdWare or Spybot - this is not usuall habit of MS as we all know. Giant is best antispy company (with best technology). I was making seminar on this topic, that was in time, when Giant was founded. Cant see any reason why MS should develop their own solution if they can buy know-how. The same situation as with Connectix...

About document - there is a lot of them... From 3 Steps to protect your pc to Spyware related topics (http://www.microsoft.com/athome/security/spyware/default.mspx)

[Zxian]

Ad Wireless - with SP2 I created my wifi network at home - build AP, set client, export to USB and import to other computers... NO problem at all.

Ad performace: SP2 speeded up my computer. It is because during DEP implementation they recompile core system files and find a few security/performace bugs. Also it speeded up my MOF repository (I still dont know why )

Having a wifi network at home and having a mobile computer are completely different. When I'm on the road, I always had Windows (SP2) nagging me that there was no wireless network in range. If I'm sitting on an airplane at 35,000 ft, I doubt that there would be a wireless network that I could log onto to connect to the internet.

My laptop is ever more my primary computer, and when the system goes into Max Battery mode (what I like to call "On but slow and lazy"), I have noticed a performance hit over SP1. Just for reference sake, in Max Battery mode, the CPU never goes above 600MHz, and will usually try to stay at 250MHz as much as possible.

What does MOF stand for?

[Martin Zugec]

Hmmm, dont U have Dell notebook by accident? There was known flaw in that case (I got D600, but older got this problem)... IMHO this was solved by Dell (new firmware).

MOF is needed for alias used by WMIC. I use WMIC(WMI) for most management solutions. After installation of SP2 there was recompilation (which is normal in way MOFs works), but there was rapidly increased speed of accessing namespaces - even MS dont know why

[Zxian]

Nope, it's a Compaq with all the latest BIOS and drivers. My friend has an IBM laptop (also Centrino) and when his system screwed up because of partitioning conflicts with IBM's security software, he went back to SP1a (he had been running SP2) and he noticed that when in low power modes, the computer was generally more responsive.