Tuesday, September 10, 2002
Security hole in XP that requires SP1?
Posted by Ed Hansberry in "OFF-TOPIC" @ 06:18 PM
http://grc.com/default.htm
Steve Gibson has posted an alert on his web site about a very serious security hole in Windows XP (Home and Pro) that is apparently pretty easy to exploit. Tech TV's The ScreenSavers discussed it last night and posted some additional information.
Is your computer open?
Apparently, Microsoft has known about this for months according to The ScreenSaver's site but has not provided a hotfix. It has however been fixed in SP1. The ScreenSaver's posted enough information to allow you to quickly fix the issue until you can download the massive service pack, which is approximately 30MB if you use the express install (depending on services and options installed) and 133MB for the full meal deal. I am downloading it now and it is going very slowly over my DSL connection. I supposed MS's servers are a bit strained between XP SP1 and IE6 SP1 being released this week. In doing so, The ScreenSavers may have given enough information to give a script kiddie enough info to exploit the hole.
So, any XP or HTML gurus here that know any more about this situation and how valid the alert is?
Steve Gibson has posted an alert on his web site about a very serious security hole in Windows XP (Home and Pro) that is apparently pretty easy to exploit. Tech TV's The ScreenSavers discussed it last night and posted some additional information.
Is your computer open?
Apparently, Microsoft has known about this for months according to The ScreenSaver's site but has not provided a hotfix. It has however been fixed in SP1. The ScreenSaver's posted enough information to allow you to quickly fix the issue until you can download the massive service pack, which is approximately 30MB if you use the express install (depending on services and options installed) and 133MB for the full meal deal. I am downloading it now and it is going very slowly over my DSL connection. I supposed MS's servers are a bit strained between XP SP1 and IE6 SP1 being released this week. In doing so, The ScreenSavers may have given enough information to give a script kiddie enough info to exploit the hole.
So, any XP or HTML gurus here that know any more about this situation and how valid the alert is?
