Full Disclosure mailing list archives
XP security hole uplddrvinfo.htm
From: Paul.Tinsley () phyve com (Paul Tinsley)
Date: Tue, 10 Sep 2002 12:03:04 -0500
Sorry if this has already been posted but I was made aware of a rather ugly security hole in Windows XP. Excerpt from Gibson Research (http://grc.com/default.htm) Attention Windows XP Users A little-known but critical vulnerability exists in Windows XP. It has recently been repaired in Service Pack 1. This vulnerability allows the files contained in any specified directory on your system to be deleted if you click on a specially formed URL. This URL could appear anywhere: sent in malicious eMail, in a chat room, in a newsgroup posting, on a malicious web page, or even executed when your computer merely visits a malicious web page. It is likely to be widely exploited soon. This vulnerability is so dangerous that it would be irresponsible for me to say more. Microsoft has known of this problem for months and has, inexplicably, done nothing before now. Although XP's Service Pack 1 is not small (approx 30 MB for express installation or 140 MB for the network install), and even though a much quicker and easier solution to this problem exists, the only thing I can safely recommend (without revealing too much) is to urge all XP users to somehow obtain and install Service Pack 1 immediately. (If you have a slow Internet connection, perhaps a friend can download the executable Service Pack file and burn it onto a CD for you?) This problem does not affect any systems other than Windows XP. If you have any friends or co-workers running Windows XP, please urge them to update their systems' too. Once the details of this vulnerability have leaked through other channels I will provide additional information. Stopgap solution found on Screen Savers website (http://www.techtv.com/screensavers/shownotes/story/0,24330,3398516,00.h tml) If, for whatever reason, you don't or can't download the service pack, there is an alternative. There's a file you can rename or delete to fix the security hole. Here are the steps: Perform a search for a file on your C drive called "uplddrvinfo.htm." Once you've found the file, delete it or rename it. Doing so will not hinder your ability to use Windows XP.
Current thread:
- XP security hole uplddrvinfo.htm Paul Tinsley (Sep 10)
- XP security hole uplddrvinfo.htm Thor Larholm (Sep 10)
- <Possible follow-ups>
- XP security hole uplddrvinfo.htm Paul Tinsley (Sep 10)
- XP security hole uplddrvinfo.htm Georgi Guninski (Sep 10)
- XP security hole uplddrvinfo.htm gobbles () hush com (Sep 10)
- XP security hole uplddrvinfo.htm gobbles () hush com (Sep 10)