XP security hole uplddrvinfo.htm

[gobbles () hush com (gobbles () hush com)]

fuck you 2.

mindless consultant rely on charletan look dumb fuck
gibson suck nothing but shit covered dick
Paul Tinsley get gibson left over
must taste good
here is invoice
i look smart
hire again
mom is proud

> You people amaze me.... you are too busy proving that each othe
> r suck to
> just get the word out on exploits.  You should note that I neve
> r claimed
> who discovered it, I honestly don't care.  I know personally I 
> would
> prefer if political agendas or conspiracy theories stay off the
> list.
> Point is, systems are insecure, get the word out.  Pat on the b
> ack for
> whoever did discover it...
>
> So revised version of original message: 
> I haven't seen much if any coverage of a rather nasty exploit i
> n Windows
> XP that was discovered by what I believe was a human on earth. 
> If you
> would like to keep your XP boxes from being venerable to this e
> xploit
> which happens to delete whatever a properly formed link request
> s, delete
> %windir%\PCHEALTH\HELPCTR\System\DFS\uplddrvinfo.htm
>
> Thank you to Thor for posting more accurate information in repl
> y to my
> message....
> Shane Hird discovered it.
> You can see his post here:
>
> http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00224.h
> tml
>
> And you can try a proof-of-concept here:
>
> http://jscript.dk/2002/8/sec/xphelpdelete.html
>
> And you can see all of the 20 publicly known unpatched vulnerab
> ilities
> in Internet Explorer here:
>
> http://www.pivx.com/larholm/unpatched/
>
>
> -----Original Message-----
> From: gobbles () hush com [mailto:gobbles () hush com] 
> Sent: Tuesday, September 10, 2002 2:36 PM
> Subject: Re: [Full-disclosure] XP security hole uplddrvinfo.htm
>
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Steve Gibson=FUD charlaten   www.grcsucks.com
>
> > Sorry if this has already been posted but I was made aware of 
> a
> > rather
> > ugly security hole in Windows XP.
>
> FUD FUD FUD
>
> > This vulnerability allows the files contained in any specified
>
> > directory
> > on your system to be deleted if you click on a specially forme
> d
> > URL.
> > This URL could appear anywhere: sent in malicious eMail, in a 
> c
> > hat room,
> > in a newsgroup posting, on a malicious web page, or even execu
> t
> > ed when
>
> Geogie Guninski discovered this long time ago.  Major vulnerabi
> lity also
> exist if user type format command wrong.
>
> Gibson no skills not discover this.
>
> > your computer merely visits a malicious web page. It is likely
>
> > to be
> > widely exploited soon.
>
> Widely exploited soon?  Gibson planning something?
>
> bullshit bullshit bullshit
>
>
> > This vulnerability is so dangerous that it would be irresponsi
> b
> > le for me
> > to say more. Microsoft has known of this problem for months an
> d
>
> FUD FUD FUD bullshit bullshit bullshit.  Gibson is marketing.  
> General
> terms high level bullshit mean more consultant dollars.
>
> > has,
> > inexplicably, done nothing before now. Although XP's Service P
> a
> > ck 1 is
> > not small (approx 30 MB for express installation or 140 MB for
>
> > the
> > network install), and even though a much quicker and easier so
> l
> > ution to
> > this problem exists, the only thing I can safely recommend (wi
> t
> > hout
> > revealing too much) is to urge all XP users to somehow obtain 
> a
> > nd
> > install Service Pack 1 immediately. (If you have a slow Intern
> e
> > t
> > connection, perhaps a friend can download the executable Servi
> c
> > e Pack
> > file and burn it onto a CD for you?)
>
> More fud fud fud bullshit bullshit bullshit.  Problem fixed wit
> h hotfix
> not sp1.  Gibson very dumb.
>
> > This problem does not affect any systems other than Windows XP
> .
> > If you
> > have any friends or co-workers running Windows XP, please urge
>
> > them to
> > update their systems' too. Once the details of this vulnerabil
> i
> > ty have
> > leaked through other channels I will provide additional inform
> a
> > tion.
>
> Gibson planning leak?  Tell friends that Gibson great security 
> guy and
> pay to consult.  bullshit bullshit bullshit FUD FUD FUD
>
> > there is an alternative. There's a file you can rename or dele
> t
> > e to fix
> > the security hole. Here are the steps:
> >
> > Perform a search for a file on your C drive called "uplddrvinf
> o
> > .htm."
> > Once you've found the file, delete it or rename it. Doing so w
> i
> > ll not
> > hinder your ability to use Windows XP.
>
> bullshit bullshit bullshit.
>
> Does not fix problem.  Gibson is dumb.
>
> -----BEGIN PGP SIGNATURE-----
> Version: Hush 2.1
> Note: This signature can be verified at https://www.hushtools.c
> om
>
> wlgEARECABgFAj1+RfMRHGdvYmJsZXNAaHVzaC5jb20ACgkQpmwDHEAx56siiwC
> gkCxM
> SwzADNeDmHjVlFWgxDpK9yoAn3sN5Hqhxdyn9xOAFsdmtRYDN3Vd
> =Ok0V
> -----END PGP SIGNATURE-----
>
>
>
>
> Get your free encrypted email at https://www.hushmail.com

> You people amaze me.... you are too busy proving that each othe
> r suck to
> just get the word out on exploits.  You should note that I neve
> r claimed
> who discovered it, I honestly don't care.  I know personally I 
> would
> prefer if political agendas or conspiracy theories stay off the
> list.
> Point is, systems are insecure, get the word out.  Pat on the b
> ack for
> whoever did discover it...
>
> So revised version of original message: 
> I haven't seen much if any coverage of a rather nasty exploit i
> n Windows
> XP that was discovered by what I believe was a human on earth. 
> If you
> would like to keep your XP boxes from being venerable to this e
> xploit
> which happens to delete whatever a properly formed link request
> s, delete
> %windir%\PCHEALTH\HELPCTR\System\DFS\uplddrvinfo.htm
>
> Thank you to Thor for posting more accurate information in repl
> y to my
> message....
> Shane Hird discovered it.
> You can see his post here:
>
> http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00224.h
> tml
>
> And you can try a proof-of-concept here:
>
> http://jscript.dk/2002/8/sec/xphelpdelete.html
>
> And you can see all of the 20 publicly known unpatched vulnerab
> ilities
> in Internet Explorer here:
>
> http://www.pivx.com/larholm/unpatched/
>
>
> -----Original Message-----
> From: gobbles () hush com [mailto:gobbles () hush com] 
> Sent: Tuesday, September 10, 2002 2:36 PM
> Subject: Re: [Full-disclosure] XP security hole uplddrvinfo.htm
>
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Steve Gibson=FUD charlaten   www.grcsucks.com
>
> > Sorry if this has already been posted but I was made aware of 
> a
> > rather
> > ugly security hole in Windows XP.
>
> FUD FUD FUD
>
> > This vulnerability allows the files contained in any specified
>
> > directory
> > on your system to be deleted if you click on a specially forme
> d
> > URL.
> > This URL could appear anywhere: sent in malicious eMail, in a 
> c
> > hat room,
> > in a newsgroup posting, on a malicious web page, or even execu
> t
> > ed when
>
> Geogie Guninski discovered this long time ago.  Major vulnerabi
> lity also
> exist if user type format command wrong.
>
> Gibson no skills not discover this.
>
> > your computer merely visits a malicious web page. It is likely
>
> > to be
> > widely exploited soon.
>
> Widely exploited soon?  Gibson planning something?
>
> bullshit bullshit bullshit
>
>
> > This vulnerability is so dangerous that it would be irresponsi
> b
> > le for me
> > to say more. Microsoft has known of this problem for months an
> d
>
> FUD FUD FUD bullshit bullshit bullshit.  Gibson is marketing.  
> General
> terms high level bullshit mean more consultant dollars.
>
> > has,
> > inexplicably, done nothing before now. Although XP's Service P
> a
> > ck 1 is
> > not small (approx 30 MB for express installation or 140 MB for
>
> > the
> > network install), and even though a much quicker and easier so
> l
> > ution to
> > this problem exists, the only thing I can safely recommend (wi
> t
> > hout
> > revealing too much) is to urge all XP users to somehow obtain 
> a
> > nd
> > install Service Pack 1 immediately. (If you have a slow Intern
> e
> > t
> > connection, perhaps a friend can download the executable Servi
> c
> > e Pack
> > file and burn it onto a CD for you?)
>
> More fud fud fud bullshit bullshit bullshit.  Problem fixed wit
> h hotfix
> not sp1.  Gibson very dumb.
>
> > This problem does not affect any systems other than Windows XP
> .
> > If you
> > have any friends or co-workers running Windows XP, please urge
>
> > them to
> > update their systems' too. Once the details of this vulnerabil
> i
> > ty have
> > leaked through other channels I will provide additional inform
> a
> > tion.
>
> Gibson planning leak?  Tell friends that Gibson great security 
> guy and
> pay to consult.  bullshit bullshit bullshit FUD FUD FUD
>
> > there is an alternative. There's a file you can rename or dele
> t
> > e to fix
> > the security hole. Here are the steps:
> >
> > Perform a search for a file on your C drive called "uplddrvinf
> o
> > .htm."
> > Once you've found the file, delete it or rename it. Doing so w
> i
> > ll not
> > hinder your ability to use Windows XP.
>
> bullshit bullshit bullshit.
>
> Does not fix problem.  Gibson is dumb.
>
> -----BEGIN PGP SIGNATURE-----
> Version: Hush 2.1
> Note: This signature can be verified at https://www.hushtools.c
> om
>
> wlgEARECABgFAj1+RfMRHGdvYmJsZXNAaHVzaC5jb20ACgkQpmwDHEAx56siiwC
> gkCxM
> SwzADNeDmHjVlFWgxDpK9yoAn3sN5Hqhxdyn9xOAFsdmtRYDN3Vd
> =Ok0V
> -----END PGP SIGNATURE-----
>
>
>
>
> Get your free encrypted email at https://www.hushmail.com




Get your free encrypted email at https://www.hushmail.com