View Full Version : WinXP Patch

12-20-2001, 11:22 PM
You have probably heard about this already, but I just thought I would let everyone who hasn't know.

From Microsoft
Windows XP Security Patch:
Unchecked Buffer in UPnP can lead to system compromise

This update resolves the “Unchecked Buffer in Universal Plug and Play Can Lead to System Compromise” security vulnerability in Windows XP. Download now to prevent a malicious user from compromising your computer, or using it to interfere with another computer's operation. The vulnerability results because the Windows XP Universal Plug and Play feature does not correctly validate inputs before using them. The patch also eliminates the vulnerability discussed in Microsoft Security Bulletin MS01-054.

Get it here (http://www.microsoft.com/Downloads/Release.asp?ReleaseID=34951)

12-21-2001, 12:28 AM
Just thought everyone might find this interesting...

<--From wininformant.com-->

In a meeting with NATO defense ministers earlier today, US Defense Secretary Donald Rumsfeld warned the alliance that the September 11 terrorist attacks were only the beginning and that future attacks could take on several forms, including conventional, nuclear, and even computer-based weapons. Rumsfeld's warning about computer attacks might seem a bit far-fetched, given that al Qaeda operatives tend to be widely dispersed throughout the world, often in third-world nations. But if police in India are correct, such an attack might have already occurred, with Windows XP as the target.

It sounds crazy. But according to a captured al Qaeda member, who allegedly participated in plotting terrorist attacks in India, Great Britain, and Australia, members of the group were able to pose as programmers and get jobs at Microsoft, where they attempted to plant "trojans, trapdoors, and bugs in Windows XP." The suspect supposedly made the claim this week during a police interrogation in Mumbai, India, according to a report in Newbytes.

A Microsoft spokesperson said the claims were "bizarre and unsubstantiated and should be treated skeptically" and noted that the company couldn't find evidence of malicious code in the system.

<--end article-->

If you go to the front page of zdnet.com, take a look at how their describing the security hole...

"unprecedented security hole discoverd in windows xp"
"the fix closes off a loophole that one security company calls the worst default security vulnerability in windows ever"

12-21-2001, 07:13 AM
A Microsoft............and noted that the company couldn't find evidence of malicious code in the system.

Apert from the millions of lines of code that were already there huh?