Researchers find holes in XP SP2

August 19, 2004

 

Researchers find holes in XP SP2: "Security researchers inspecting an update to Microsoft%27s Windows XP found two software flaws that could allow virus writers and malicious hackers to sidestep new security features in the operating system."

Ok this is just plain stupid. The actual advisory (posted here: http://www.heise.de/security/artikel/50051) states that some user interaction is required to exploit this vulnerability, such as having the user type cmd exploitname.exe (or whatever file extension). They also say that this method bypasses some antivirus software. HOW IS THIS AN EXPLOIT!!?!? If I talked someone into opening Windows Firewall and opening up port 145 to the outside world, is that a vulnerability in the Operating System? What if I tricked someone into giving me thier password, is that a vulnerability of that system's authentication mechanisms? NO. At the most this is an exploit of the user's intelligence, if that.

0 comments: