Critical vulnerability in XP
Is this true??!
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
First, Gibson is a fuckwit. He overstates the risk and understates the problem.
Second, SP1 fixes this problem.
Second, SP1 fixes this problem.
one thing that i have noticed is that his programs and programming is very top notch. the program will work and work very well.
if u really need it or not... who knows.
ps. from personal experience sp1 upgrade is 50-50
a clean sp1 slipstreamed install is 100%
if u really need it or not... who knows.
ps. from personal experience sp1 upgrade is 50-50
a clean sp1 slipstreamed install is 100%
I think it's funny when I see OEM reps recommending the reformatting/restoring of the original OS. Against what many would think, this is not because XP SP1 is so bad, it's just that either:
A. They will only support the original OS, and will not try to troubleshoot anything else.
B. A copout, the rep either doesn't know how to fix the problem, or is looking to get the customer off the phone as quickly as possible, as that is one of the primary performance evaluation standards.
FYI, the quotes from the OEM reps in the link provided above is what got me started on this rant, but I think it applies to so many places.
A. They will only support the original OS, and will not try to troubleshoot anything else.
B. A copout, the rep either doesn't know how to fix the problem, or is looking to get the customer off the phone as quickly as possible, as that is one of the primary performance evaluation standards.
FYI, the quotes from the OEM reps in the link provided above is what got me started on this rant, but I think it applies to so many places.
It is a security flaw that exists in the windows help system. Service Patch 1 fixes that problem, but if you wish to fix it yourself here's the instructions from my website:
Quote:Basically the flaw exists as a specially formatted link. If someone formats a link in a certain way and then gets a Windows XP users to click on it sending it to them via email or even hiding it in a web page it will cause Windows XP to DELETE all the files in whatever directory they want!
This is so easy to do that ANYONE who knows how to make a web page can do it. And it exists in ALL distributions of Windows XP!
The fix thankfully is very easy to do. Simply open up Windows Explorer (in Start >> All Programs >> Accessories or hit the Windows Key + 'E'). Then hit the 'Search' button on the toolbar. Click on 'All files and folders' and in the top box type 'uplddrvinfo', in the 'Look in' box select 'My Computer', and then hit 'Search'. Now it will search you computer for a bit looking for the file. It should find the file and put it in the right window. (it will be under C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS) Now simply right - click on the file name and hit 'Rename' then press the 'Arrow Right' key on your keyboard. Hit the 'Backspace' key 3 times and type in 'old' so that the filename will change from 'uplddrvinfo.htm' to 'uplddrvinfo.old' then hit the 'Enter' key.
That's it - once this file has been renamed in your system you will be protected.
Quote:Basically the flaw exists as a specially formatted link. If someone formats a link in a certain way and then gets a Windows XP users to click on it sending it to them via email or even hiding it in a web page it will cause Windows XP to DELETE all the files in whatever directory they want!
This is so easy to do that ANYONE who knows how to make a web page can do it. And it exists in ALL distributions of Windows XP!
The fix thankfully is very easy to do. Simply open up Windows Explorer (in Start >> All Programs >> Accessories or hit the Windows Key + 'E'). Then hit the 'Search' button on the toolbar. Click on 'All files and folders' and in the top box type 'uplddrvinfo', in the 'Look in' box select 'My Computer', and then hit 'Search'. Now it will search you computer for a bit looking for the file. It should find the file and put it in the right window. (it will be under C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS) Now simply right - click on the file name and hit 'Rename' then press the 'Arrow Right' key on your keyboard. Hit the 'Backspace' key 3 times and type in 'old' so that the filename will change from 'uplddrvinfo.htm' to 'uplddrvinfo.old' then hit the 'Enter' key.
That's it - once this file has been renamed in your system you will be protected.