Here we go again ~~ Huge & Extremely Serious Security Hole in Windows XP: Please read & update immediately!

AnandTech Moderator

Staff member
Oct 12, 1999
5,704
2
0
Monday night, Tech TV announced an extremely serious security flaw with ALL Windows XP installations. This does not affect other Windows operating systems, such as Windows 98, Me, NT or 2000. Leo Laporte of The Screen Savers demonstrated how this could wipe out entire directories.

Microsoft has reportedly known about this security hole for 11 weeks. Thankfully, no nefarious characters have taken advantage of it yet (but they no doubt will, and soon, now that it's been announced).

Simply opening a web site or email (or even using a chat room) may wipe out entire directories on any Windows XP computer (such as your Documents folder).

From the Gibson Research site:
This vulnerability allows the files contained in any specified directory on your system to be deleted if you click on a specially formed URL. This URL could appear anywhere: sent in malicious eMail, in a chat room, in a newsgroup posting, on a malicious web page, or even executed when your computer merely visits a malicious web page. It is likely to be widely exploited soon.

Windows XP Service Pack 1, released Monday by Microsoft, fixes this problem. However, the entire Service Pack 1 release is 140 MB, which would take hours to download on a dial-up modem. In fact, it took me one hour via broadband due to constraints at Microsoft's end.

Fortunately, if you've been updating your XP OS on a regular basis, Microsoft offers an "express pack" that you can use. Even so, I've heard the minimum size for an "express update" is at least 30 MB, which is still a hefty download unless you have a broadband connection such as DSL or Cable.

The security hole in question involves "Windows XP Help." The hole lets anyone put a link on a website that can wipe out certain hard-drive directories.

If, for whatever reason, you don't or can't download the service pack, there is an alternative. There's a file you can rename or delete to fix the security hole. Here are the steps:

1. Perform a search for a file on your C drive called "uplddrvinfo.htm."
2. Once you've found the file, delete it or rename it (such as to uplddrvinfo.htm.old). Doing so will not hinder your ability to use Windows XP.

You may download Service Pack 1 at: http://www.microsoft.com/WindowsXP/pro/downloads/servicepacks/sp1/default.asp

You may also read about this at the Tech TV "Screen Savers" site at: http://www.techtv.com/screensavers/shownotes/story/0,24330,3398516,00.html

---

Reposted with thanks to AT member, jonnashville for posting this in Hot Deals.

AnandTech Moderator
 

Saltin

Platinum Member
Jul 21, 2001
2,175
0
0
At the risk of sounding impudent, I posted this three weeks ago and no-one seemed to care. I was shocked, because it is such a nasty little exploit.

---

Saltin,

Sorry we missed your previous post. We are a small group of volunteers, and we cannot see everything.

Your efforts are appreciated. Next time you encounter something important to be worth considering for a sticky, just PM us and ask. That is one good way to make sure at least one mod sees your post. :)

< spanks mod for a repost >

AnandTech Moderator
 

Macro2

Diamond Member
May 20, 2000
4,874
0
0
I posted it here yesterday and got no response. On Hardware they locked the thread.
No one will care until it jumps up and bites them...

Public mentality I guess...
 

Quake

Member
Jan 15, 2001
116
0
0
Btw, you can fix this bug really easily by renaming (or deleting, I suppose) the file uplddrvinfo.htm in \windows\PCHEALTH\HELPCTR\System\DFS

OR if you don't want to make the file not available, comment out (add // at the beginning of the line) these two lines (do a search using notepad):
oFSO.DeleteFile( sFile );
oFav.Delete( oThisFav );
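
An added example, not part of any post in this thread: a Python sketch of the two workarounds described above (rename the file, or comment out the two delete statements). It walks a directory tree for uplddrvinfo.htm, reports whether either statement is still active, and can rename the file to .old. The function names and the sample file contents are assumptions constructed for illustration; the real file is not reproduced here.

```python
import os
import re
import tempfile

TARGET = "uplddrvinfo.htm"
# The two statements named in the post above.
RISKY = ("oFSO.DeleteFile(", "oFav.Delete(")

def active_risky_lines(text):
    """Return the risky statements that are NOT commented out with a leading //."""
    hits = []
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("//"):
            continue  # neutralised as the post suggests
        squeezed = re.sub(r"\s+", "", stripped)  # tolerate spacing differences
        if any(needle in squeezed for needle in RISKY):
            hits.append(stripped)
    return hits

def find_targets(root):
    """Yield every copy of the help file under root (case-insensitive name match)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == TARGET:
                yield os.path.join(dirpath, name)

def audit(root, rename=False):
    """Map each found path to 'active', 'inactive' or 'renamed'."""
    report = {}
    for path in find_targets(root):
        with open(path, encoding="latin-1") as fh:
            hits = active_risky_lines(fh.read())
        if not hits:
            report[path] = "inactive"
        elif rename:
            os.replace(path, path + ".old")  # workaround: rename rather than delete
            report[path] = "renamed"
        else:
            report[path] = "active"
    return report

def demo():
    # Constructed sample: one active and one commented-out statement.
    sample = "oFSO.DeleteFile( sFile );\n// oFav.Delete( oThisFav );\n"
    with tempfile.TemporaryDirectory() as root:
        folder = os.path.join(root, "PCHEALTH", "HELPCTR", "System", "DFS")
        os.makedirs(folder)
        path = os.path.join(folder, TARGET)
        with open(path, "w") as fh:
            fh.write(sample)
        before = list(audit(root).values())
        after = list(audit(root, rename=True).values())
        return before, after, os.path.exists(path + ".old")

if __name__ == "__main__":
    print(demo())
```

Run with `rename=False` first to see what would be touched; a file reported as "inactive" has no uncommented delete statement left.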
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
I'd like to add something! NETSCAPE USERS, YOU ARE NOT SAFE EITHER!

Maybe I'm not reading the original post correctly, but no one ever said it was IE specific.

And on that same irrelevant note, I'd like to add THOSE OF US NOT USING XP ARE PERFECTLY SAFE.
 

jonnashville

Senior member
Sep 22, 2001
378
0
0
Finally.... a free, easy software-based fix for you, in case you haven't got access to the Service Pack (or don't want to install it), or don't like messing with system files...

XPdite from Gibson Research

(Gee, couldn't have Microsloth done something similar weeks ago???)
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
I'm sorry but Steve Gibson is practically a loon. That, combined with the fact that he doesn't say at all what that program actually does, makes me definitely NOT want to run this thing, especially in a corporate environment.
 

jonnashville

Senior member
Sep 22, 2001
378
0
0
<<he doesn't say at all what that program actually does>>

Yes he does.... Just read the screen shot with the big red "Dangerous File is Present."

If you read this before carping, you'd find all this thing does is replace the file with the safe one from XP Service Pack 1.

(I guess Leo Laporte must be a "loon" too for strongly recommending it, huh??)
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
Yes he does.... Just read the screen shot with the big red "Dangerous File is Present."

If you read this before carping, you'd find all this thing does is replace the file with the safe one from XP Service Pack 1.

The page detailing the program should say that, I shouldn't have to look at the screenshots.

And that doesn't change the fact that Steve Gibson is an idiot, his rant on raw sockets in XP was enough to convince me he has no idea what he's talking about.
 

jonnashville

Senior member
Sep 22, 2001
378
0
0
Originally posted by: BingBongWongFooey
Originally posted by: jonnashville
(I guess Leo Laporte must be a "loon" too for strongly recommending it, huh??)

Leo Laporte put a SuperOrb on a $15,000 "dream" computer.

BingBong, please let us know when you have your book in the Amazon Top 30, and have a nightly TV show reaching 80% of cable households in North America, OK??
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
BingBong, please let us know when you have your book in the Amazon Top 30, and have a nightly TV show reaching 80% of cable households in North America, OK??

And AOL is the best ISP because they have the most users, right?

Come on, just because he has a book and is famous doesn't mean he knows anything. I've seen him make completely obvious mistakes on the air and no one calls him on it, I would but I only see reruns because I don't watch TV during the week.
 

Saltin

Platinum Member
Jul 21, 2001
2,175
0
0
BingBong, please let us know when you have your book in the Amazon Top 30, and have a nightly TV show reaching 80% of cable households in North America, OK??

Britney Spears and NSYNC have top ten hits and reach millions of households every night too. That doesn't mean they are any good.