Author Topic: Very severe Windows XP security bug (Read 276 times)

bloom25 · « **on:** September 13, 2002, 10:59:14 AM »

It seems Microsoft has known about an extremely severe security flaw in Windows XP and has delayed fixing it until SP 1.

This bug is so trivial to exploit that those of you with Windows XP Home or Pro need to fix it immediately. It is quite literally possible that visiting a webpage or clicking a certain style of URL (link) can overwrite any file on the hard drive. That means just by viewing a webpage your system would be dead.

For those of you who can't stand to put up with Microsoft's insane new EULA agreement and provisions for SP 1, there is a patch for this major flaw on grc.com.

You need to fix this immediately. This flaw is so bad and so trivial to exploit that just by typing a certain string of characters I could have ruined all the Windows XP machines who viewed this post.

It absolutely amazes me just how bad M$ products have gotten recently. This should have been patched immediately when found, not 3 months later.

Ripsnort · « **Reply #1 on:** September 13, 2002, 11:04:47 AM »

Updated! Thks Bloom.

bloom25 · « **Reply #2 on:** September 13, 2002, 11:40:20 AM »

Here's the link to a non-M$ fix for the problem:

http://grc.com/xpdite/xpdite.htm

They have more info there too.

bloom25 · « **Reply #3 on:** September 13, 2002, 11:41:45 AM »

Oedipus, that was almost certainly a virus. If you have a virus scanner I would update and run it.

Pfunk · « **Reply #4 on:** September 13, 2002, 02:07:02 PM »

Way ahead of you bud;)

Posted on 9/2
Actually SP1 did in fact resolve lots of problems with XP. In specific a security hole where a hacker could create a webpage and by simply visiting that URL wipe out the entired Windows directory. I saw them do it on the Screen Savers show they just clicked on the URL and boom buh bye windows.

bloom25 · « **Reply #5 on:** September 13, 2002, 04:11:33 PM »

That was the exact hole this post is about Pfunk.