Monday night, Tech TV announced an extremely serious security flaw with ALL Windows XP installations. This does not affect other Windows operating systems, such as Windows 98, Me, NT or 2000. Leo Laporte of The Screen Savers demonstrated how this could wipe out entire directories.
Microsoft has reportedly known about this security hole for 11 weeks. Thankfully, no nefarious characters have taken advantage of it yet (but they no doubt will, and soon, now that it?s been announced).
Simply opening a web site or email (or even using a chat room) may wipe out entire directories on any Windows XP computer (such as your Documents folder).
From the Gibson Research site:
Windows XP Service Pack 1, released Monday by Microsoft, fixes this problem. However, the entire Service Pack 1 release is 140 MB, which would take hours to download on a dial-up modem. In fact, it took me one hour via broadband due to constraints at Microsoft?s end.
Fortunately, if you've been updating your XP OS on a regular basis, Microsoft offers an "express pack" that you can use. Even so, I've heard the minimum size for an "express update" is at least 30 MB, which is still a hefty download unless you have a broadband connection such as DSL or Cable.
The security hole in questions involves "Windows XP Help." The hole lets anyone put a link on a website that can wipe out certain hard-drive directories.
If, for whatever reason, you don't or can't download the service pack, there is an alternative. There's a file you can rename or delete to fix the security hole. Here are the steps:
1. Perform a search for a file on your C drive called "uplddrvinfo.htm."
2. Once you've found the file, delete it or rename it (such as to uplddrvinfo.htm.old). Doing so will not hinder your ability to use Windows XP.
You may download Service Pack 1 at: http://www.microsoft.com/WindowsXP/pro/downloads/servicepacks/sp1/default.asp
You may also read about this at the Tech TV "Screen Savers" site at: http://www.techtv.com/screensavers/shownotes/story/0,24330,3398516,00.html
---
We locked this topic at the top of several forums to alert our members about this critical update. It has now been up for several days. We hope everyone is now aware of it.
Please continue discussion of this topic in our Operating Systems forum.
Thank you,
AnandTech Moderator
Microsoft has reportedly known about this security hole for 11 weeks. Thankfully, no nefarious characters have taken advantage of it yet (but they no doubt will, and soon, now that it?s been announced).
Simply opening a web site or email (or even using a chat room) may wipe out entire directories on any Windows XP computer (such as your Documents folder).
From the Gibson Research site:
Windows XP Service Pack 1, released Monday by Microsoft, fixes this problem. However, the entire Service Pack 1 release is 140 MB, which would take hours to download on a dial-up modem. In fact, it took me one hour via broadband due to constraints at Microsoft?s end.
Fortunately, if you've been updating your XP OS on a regular basis, Microsoft offers an "express pack" that you can use. Even so, I've heard the minimum size for an "express update" is at least 30 MB, which is still a hefty download unless you have a broadband connection such as DSL or Cable.
The security hole in questions involves "Windows XP Help." The hole lets anyone put a link on a website that can wipe out certain hard-drive directories.
If, for whatever reason, you don't or can't download the service pack, there is an alternative. There's a file you can rename or delete to fix the security hole. Here are the steps:
1. Perform a search for a file on your C drive called "uplddrvinfo.htm."
2. Once you've found the file, delete it or rename it (such as to uplddrvinfo.htm.old). Doing so will not hinder your ability to use Windows XP.
You may download Service Pack 1 at: http://www.microsoft.com/WindowsXP/pro/downloads/servicepacks/sp1/default.asp
You may also read about this at the Tech TV "Screen Savers" site at: http://www.techtv.com/screensavers/shownotes/story/0,24330,3398516,00.html
---
We locked this topic at the top of several forums to alert our members about this critical update. It has now been up for several days. We hope everyone is now aware of it.
Please continue discussion of this topic in our Operating Systems forum.
Thank you,
AnandTech Moderator
Facebook
Twitter