Attention: Important Information For All XP Users

Source: GRC.com

Ever since its release, Windows XP has contained a critical flaw that could be trivially exploited at any time by any malicious hacker. By causing any Windows XP system to process a specially-formed URL (web-style link), the XP system would obediently delete all or most of the files within any specified directory. (That's not good.)

This flaw is considered critical because these malicious URLs could be delivered to any XP user through any means: via an eMail solicitation, a chat room, a newsgroup posting, a malicious web page, or even processed automatically without the user clicking anything by merely visiting a malicious web page. (That's bad.)

Curiously, Microsoft was informed of this easily-demonstrated, quite significant, and trivial-to-fix, Windows XP defect back in June of 2002, but chose not to proactively address the significant vulnerability created for their users until the September 9th, 2002, release of Windows XP's first service pack.

Since Windows XP Service Pack 1 repairs many more security, stability, and compatibility problems than just this critical exploit, Service Pack 1 should be applied as soon as possible.

Tags: 

 

5 comments for 'Attention: Important Information For All XP Users'

I have to agree with you on that. However I took it one more step in the extream by droping M$ altogether. I'll stick with *nix.

Not M$ bashing, But I found that I am just as productive(maybe more so) using Linux and Unix. I still have to watch exploit/bug tracks but the fixes are more solid than the Microsoft fixes for all windows OSs.

I'm not convinced that Linux or Unix is the answer to M$ bugs. If you want ease of use and functionalty you have no choice. I personnally have no complaints, the windows xp beta version I tried before it was released was rock solid, as is the final version. I've downloaded all the updates and fixes, but they've made no difference as I've never had a problem. I don't understand peoples complaints. Who would you trust? Some random global connection of hackers and geeks who put together a version of Linux that is open source, therefore flaws could be easily built in by anyone. Or M$ who are commited to functionality and constantly fix bugs and test their operating systems. They want to make their OS good because they want people to buyit. The only reason so many bugs and flaws are found is because everyone uses windows and everyone attacks and trys to find flaws in it.

When I have a problem with windows XP I'll let everyone now about it... but dont hold your breath!

Xp Security Fix for Non-SP1 Users

ALOHA

Everyone using XP without SP1 MUST Delete:

C:\WINDOWS\PCHEALTH\HELPCTR\Sy

stem\DFS\uplddrvinfo.htm

uplddrvinfo.htm This file MUST be renamed or deleted!

If you don't install XP SP1 you are subject to file deletion simply by clicking on a link on web page.

SP1 will fix this!

Deleting-renaming this file will also fix this!

A script in this page WILL Delete All files in the attacked directory but will not delete sub direcrories or files in sub directories!

When you visit a web site or click on any active link in a message or downloaded page you are Vulnerable!!!!

After clicking on the link a Microsoft Help Window will appear on your screen.

Title "Help and Support Center"

sub-title "Get Help with your Hardware Device"

If this window appears for unkown reason use "Task Manager " and look on the process tab for "Help.exe" and close this process!!Closing the window any other way WILL result in deleting any files listed in the link!!

ALOHA