Security flaws emerge in Windows update
Security researchers say they're starting to find flaws in Microsoft's latest major update for Windows XP.
Last week, German company Heise Security announced that two flaws could be used to circumvent the new warnings that Windows XP Service Pack 2, or SP2, normally would display about running untrusted programs, potentially giving a leg up to a would-be intruder's attempts to execute code on a victim's PC.
And more revelations about vulnerabilities are on the way, Thor Larholm, senior security researcher with vulnerability-assessment company PivX Solutions, said on Wednesday. Larholm has been looking for holes in the security of SP2 since the update was released and has notified Microsoft about several issues, but he would not discuss the details.
"I'm positive that we will see critical flaws over the next few weeks, and worms that will circumvent SP2 features over the next few months," he said.
Larholm has found dozens of flaws in Windows XP and Internet Explorer over the past few years and had previously maintained a Web page of unpatched vulnerabilities in the software giant's browser.
Microsoft would not discuss whether it had received reports of new vulnerabilities in Windows XP Service Pack 2 but did say that the company's researchers had investigated the Heise issues and found them wanting.
