Windows XP SP2 flaw complex but dangerous

Dan Ilett, Special to ZDNet
02 December 2004 09:14 AM
Tags: security, sp2, windows, flaw, xp, exploit, bypass, setting
Security experts have identified a modified exploit that can target computers running Windows XP SP2.

Although the exploit is tricky to perform, it combines two vulnerabilities in Internet Explorer 6 with a series of ActiveX exploits to break security settings in computers running SP2. It runs when a user moves a file or an image from one part of a Web page to another, but in the process the exploit downloads code to machines that circumnavigates Local Computer security settings in SP2.

Researchers at Danish security company Secunia have labelled the vulnerability as "highly critical" because it allows hackers to access local resources and bypass security features in Windows XP SP2.

"This is the most serious vulnerability for SP2 that we have the moment," said Thomas Kristensen. "The problem is that by exploiting this vulnerability in IE it's possible to drag a file into the local security zone and change the settings. On an SP2 system, this shouldn't be a problem, but it is still possible to bypass the security with an Active X control."

The company pointed out that Windows XP SP2 does not run Active Scripting in the Local Computer zone, but by performing a series of Active X exploits it is possible to bypass those setting in SP2.

"It's a series of events you have to perform before you are able to bypass security settings," said Kristensen. "It is complicated. But they are several minor issues that can be compromised so it's possible to circumnavigate the security settings."

Kristensen added that SP2 was supposed to tightly lock down the security issues with IE 6, but this was clearly a compromise in it security. He said that the solution was to disable the drag-and-drop or copy-and-paste options on Internet Explorer and set the security level to "high" in the Internet zone.

Advertisement

Talkback 2 comments

    Service Pack 2 is no better. In my experience with service pack 2 I would not recomend it at all. For starters I have been hacked through 2 firewalls within 3 days of a rebuild to go to service pack 2. The security features are a nightAnonymous -- 02/12/04

    Service Pack 2 is no better.

    In my experience with service pack 2 I would not recomend it at all.

    For starters I have been hacked through 2 firewalls within 3 days of a rebuild to go to service pack 2. The security features are a nightmare for gamers who want to tweak performance by disabling certain services and apps.

    Typical Microsoft rubbish, Once agin they are not thourough in their work.

    I personally dont care hiow many lines of code ther are as it is irrelavant, they just need to make it safe no matter what and not release it untill it works with feature which suit all situations.

    I made a big mistake last year letting my Norton Internet Security expire because I thought Microsoft was enough protection and I ended up hiring a local technician to clean my disk which was infected with 47 viruses. Now I have Norton firewall working. Anonymous -- 03/12/04

    I made a big mistake last year letting my Norton Internet Security expire because I thought Microsoft was enough protection and I ended up hiring a local technician to clean my disk which was infected with 47 viruses. Now I have Norton firewall working. It seems to block everything that it considers an intrusion. My question is about gaming. Everytime I download a game from Real Arcade I am getting a HIGH RISK warning from Norton's program about the WELCHIA WORM SCAN. I used the tracking feature and it tracked it back to an address in Washington State. This keeps happening over and over. What is this? And should I worry about it?

Add your opinion


Latest Videos

Blogs

  • Juha Saarinen TelstraUnClear
    Telstra's New Zealand arm TelstraClear is one strange company ...
  • Array E-health too unsexy for COAG
    There will always be something more politically sexy than e-health for state governments, meaning the National E-Health Transition Authority's business case for a national electronic medical record might just sit on the shelf gathering dust forever.
  • Array Will Rudd's bush backhaul bonanza deliver?
    Rural areas will be welcoming the government's decision to put its money where its politicising is, funnelling $250m into a regional fibre upgrade to six rural centres. Remedying over a decade of near-neglect at the hands of telecoms privatisation, the investment could be the firmest step yet for Labor's NBN dream — but with inevitable political questions and a looming election, Rudd and Conroy need to deliver, and quickly, to preserve the NBN's credibility.
  • More blogs »

Tags

Back to top

Featured