
Disturbing Windows XP Security Bug


MSNwar


You might find this interesting.

Okay, everything Microsoft has a security bug so why should Windows XP be any different? Regular TNPC readers know I don't go in for a lot of "the sky is falling" hype every time someone figures out some esoteric macro virus or other non-event. But this issue with Windows XP is serious enough for even me to take notice.

I run XP on my office laptop (yes, complete with the Fisher-Price interface, hey, you get used to it) so when my boss told me about this problem I was interested and looked into it. Microsoft is keeping pretty quiet on the mechanics of the security flaw but it centers on a file that installs with Windows XP called UPLDRVINFO.HTM. This file is part of the Windows XP Help system. There's a script in this file that can be called from a snippet of code that allows the calling application to specify a file, or a folder, to be deleted.

This code can be a link on a Web page, it can be a link in an HTML email message, or it can be triggered by a rigged Web page whereby all you have to do to get stung is to display the page in your browser. The name of the file or folder to be deleted is passed to the script so that filename or folder name has to be known by the bad guys in advance. This limits the destructive capability to known folders such as the Windows or System folder which can quickly cripple your computer.

When the script is activated a browser window pops up and displays the Microsoft Help and Support Center page. What is not apparent is that it has already deleted the target files. If the Windows folder was hosed and you shut down the system it won't come back up.

Microsoft has known about this problem for some time but has been very closed-mouthed about it since once hackers know that UPLDRVINFO.HTM is involved it is easy to go study that file and figure out how to start deleting unsuspecting Windows XP users' files. The rest of the security professionals have gone along with Microsoft until a patch or workaround was found. There are now several solutions to this bug and if you are running Windows XP you should implement one.

First, and easiest, is to just rename the UPLDRVINFO.HTM file. While this is a bit of a band-aid approach it is preferable to doing nothing about this problem. Another, and more comprehensive solution, is to install the Windows XP Service Pack 1 upgrade. The only downside to the SP1 fix is that it's a "version 1" of a service pack and Microsoft has been known to break more things than it fixes in initial service packs. But I've installed SP1 on my laptop and have not had any major issues but be aware there is a LOT of negative buzz about SP1.

Microsoft, perhaps realizing that SP1 is not all it could/should be, has also issued a patch last month to address this security flaw. It's a 1 megabyte plus patch and you can find it here: http://www.microsoft.com/Downloads/Release...ReleaseID=43681

However, if you're going to go the patch route consider the fix put out by Steve Gibson called XPdite. It's a 30k file so it's immensely faster to download and apply than the Microsoft patch and even more so when compared to the 135 megabyte Windows XP Service Pack 1 upgrade. You'll find Steve's XPdite here: http://www.TheNakedPC.com/t/524/tr.cgi?jim1

If you want to see this XP bug in action check out this TechTV video clip: http://cgi.techtv.com/mediamodule?action=v...ion=20020910095425&video_src=/thescreensavers/2002/ss020909c&width=320&height=240&vidsection=3200042&add_date=1031641200&start=&end=&duration=&bitrates=

http://www.TheNakedPC.com/t/524/tr.cgi?jim2

You can reach T.J. Lee at:

mailto:tj_lee@TheNakedPC.com



(chuckles to himself)

Just imagine...I work for the tech department of a K-12 school district and we've just upgraded our workstations to W2K. It was quite a project, but just imagine how much bigger of a project had we installed XP?!?!?! :)
