Thursday, December 20, 2001

Major WinXP Vulnerability -- 2:01 pm CST, Update by A.T. Hun

The Washington Post is reporting on a major vulnerability in Windows XP. The flaw is in the universal plug-n-play code. It will allow someone to take total control of a WinXP box if it is connected to the Internet. Check Windows Update for a fix. If you have WinXP, check Windows Update NOW. Here's a quote from Microsoft:

"This is the first network-based, remote compromise that I'm aware of for Windows desktop systems," said Scott Culp, manager of Microsoft's security response center. "Every Windows XP user needs to immediately take action." He called it a "very serious vulnerability."

Thanks Slashdot.

The Master comments: Sigh . . .

UPDATE! Ars Technica is reporting that the patch is not on Windows Update yet. You have to get it from Microsoft directly. Apparently it also affects Windows 98 and ME if you have XP's connection sharing installed. This exploit has been known for five weeks but took this long for a fix. They also posted Microsoft's security bulletin.

UPDATE #2! Aaarrgghh! It's a buffer overflow! Aaaarrrgghh. Oh yeah, it could be used to DDOS a site too. Great.

News for 12/20/2001

The Haus is powered by:

All original information on this website is copyright © TheHaus.Net, 1999-2005. The use of original images, text, and/or code from this website without expressed written consent is prohibited. The authors of this site cannot be held responsible for any damage, real or imagined, which comes from the use of information presented on this site. All trademarks used are the properties of their respective owners. This site is not to be used as a floatation device (but if you try, I want a video tape of it).