Print
Discuss
Send to friend
RSS feedsSecurity researchers believe they have discovered a weakness in the new security given to Windows XP by the recently unveiled Service Pack 2 (SP2).
Since XP SP2 was released, activists have been searching for weaknesses in the security-focused service pack. Microsoft yesterday dismissed claims by German researchers to already have discovered a flaw.
Now a group has claimed that exploit code could bypass the new security procedures in XP by using the 'drag and drop' features of Internet Explorer.
In an advisory, consultant Secunia said researchers http-equiv had demonstrated that "the vulnerability is caused due to insufficient validation of drag-and-drop events issued from the 'Internet' zone to local resources.
"This can be exploited by a malicious website to e.g. plant an arbitrary executable file in a user's startup folder, which will get executed the next time Windows starts up."
But Microsoft believes that any hacker looking to exploit this issue would have to rely on considerable help from users.
The company said an attacker would need to first entice the user to visit a specific website and then entice them to drag and drop the malicious file in a specific location within that website.
"Given the significant amount of user action required to execute an attack, Microsoft does not consider this to be a high risk for customers," the firm said in a statement.
"Microsoft is not aware of any customer impact at this time. However, we will continue to investigate the issue to determine the appropriate course of action to protect our customers."
But Secunia argued that the flaw is "highly critical", as much of the work the user needs to follow could be masked into a single click.
"Even though the 'proof of concept' depends on the user performing a drag-and-drop event, it may potentially be rewritten to use a single click as user interaction instead," the consultant warned.
Meanwhile, Microsoft has published the first 'hotfix' for XP following the release of SP2, to deal with a loopback addressing problem.
A loopback address is a special internet protocol (IP) number (127.0.0.1) designated for the software loopback interface of a machine.
It allows IT professionals to test IP software without worrying about broken or corrupted drivers or hardware.
Microsoft is working towards a better patch for the problem, which showed up in Release Candidate versions of SP2.
See also:
No plans to develop patches or workarounds for 'theoretical' holes 19 Aug 2004XP Service Pack 2 provides some security improvements which users cannot afford to ignore, but some existing apps may need to be tweaked to run at their best 17 Aug 2004
We give you a guided tour of some of SP2's major new features. 17 Aug 2004All Operating Systems
del.icio.us
Digg this
reddit!
