Without XPdite, Microsoft's Patch, or XP's Service
Pack 1, clicking on a simple, but malicious, URL
can delete the entire contents of your directories.

This FREE 30 kbyte "XPdite" utility INSTANTLY protects
your Windows XP system until you install the 1.35
megabyte patch or XP's Service Pack 1.

No matter what your situation, XPdite protects your system . . .


File stats for: XPdite

Last Updated: Sep 17, 2002 at 09:22 (1,206.63 days ago)
Size: 30k
Downloads/day: 239
Total downloads: 975,406
Current Rank: 6
Historical Rank: 7

What is going on?
Ever since its original release, Windows XP has contained a critical flaw that could be trivially exploited at any time by any malicious hacker. When any Windows XP system is caused to process a specially-formed URL (web-style link), it will obediently delete all or most of the files within any specified directory. (That's not good.)

This flaw is considered critical because these malicious URLs could be delivered to any XP user through any means: via an eMail solicitation, a chat room, a newsgroup posting, a malicious web page, or even processed automatically without the user clicking anything by merely visiting a malicious web page. (That's bad.)

Microsoft was informed of this easily-demonstrated, quite significant, and easily fixed Windows XP defect back in June of 2002. But they chose not to proactively address the significant vulnerability created for their users until the September 9th, 2002, release of Windows XP's first service pack.

Since Windows XP Service Pack 1 repairs many more security, stability, and compatibility problems than just this critical exploit, XPdite should not be considered a replacement for the installation of the whole Service Pack 1. However, reports are that XPdite is much safer to use than Service Pack 1 (see Service Pack 1 caution below), so it may be wise to approach the installation of Service Pack 1 with some caution.

The immediate installation of the huge Service Pack 1 may not be feasible for all Windows XP users, and its installation may cause serious side-effects. Since this vulnerability is so trivially exploited and creates a significant risk to all Windows XP users, I wrote this tiny, quickly and easily downloaded vulnerability patch utility, which can be used to instantly patch and secure any Windows XP system against this vulnerability.


We have received many horror stories from users who have had their Windows XP systems badly damaged by the installation of Service Pack 1.

Some users report that one system upgrades without trouble, whereas another is rendered nearly useless. So I want to be clear that I am neither recommending nor advising against the installation of Service Pack 1.

XPdite will easily and instantly cure the vulnerability it was designed to - without any possible side effect or negative consequences. But as for Service Pack 1 . . . you are on your own. (I run nothing but Windows 2000.)

Overheard in our newsgroups ...
"[...] What kinda surprised me was that the MS tech rep informed me they were having a large problem with XP service pack 1, and not to install it."

An editor of a respected security organization ...
"Toshiba advised me to re-install XP from scratch to get rid of the service pack."

Win XP Update Crashes Some PCs ..., September 20th.

Overheard in the Microsoft newsgroups ...
"I installed [SP1] on 9/19 (and followed all instructions and precautions) and from there on just went through major nightmares, it seems impossible to get SP1 off the system. The symptoms ... escalated to the point where the system became in-operable. Yesterday I spent 4.5 hours with a Tech from HP rescuing my system, as per HP: 3 out of 10 calls they receive are due to problems caused by SP1."

The story continues . . .
Microsoft's original response to people (myself vocally among them) suggesting that they should offer a separate patch for this vulnerability was:

"Others have suggested that Microsoft should have released a patch in addition to including the fix in Service Pack 1. We did consider this as an option when we investigated the report. However, because of architectural details associated with Help and Support Center, building a patch for this particular issue would have required significant technology development."

This assertion by Microsoft was called into question by the fact that I wrote XPdite in half a day. XPdite completely cures this vulnerability and protects XP users from its exploitation. I didn't develop any "significant technology" to do it - I just changed one insecurely designed file. That's all Microsoft had to do if they had wanted to.

What may have really happened . . .
I believe that someone at Microsoft was probably too busy dealing with the many demands they face, and they simply screwed up. Despite the crushing responsibility they carry, they're only human. If we assume that this was simply an oversight, at this point liability concerns probably prevent them from admitting that they goofed. They may know this internally, but we'll never know whether they know, which makes trusting them just a little bit more difficult today than it was yesterday - especially if this original decision was deliberate.

The take-away lesson from this is: We need to watch our own backs. Microsoft will do what it can, but that won't be enough. And when asked afterward what happened, they won't be able to tell us the truth.

One month later . . .
Presumably due to pressure put on Microsoft by my creation of XPdite, which demonstrated for the entire world how easily this serious vulnerability could actually be fixed, coupled with all of the serious problems being experienced after XP's Service Pack 1 was installed, Microsoft officially reversed their earlier position and released a separate security patch to address this problem:


Copyright © Contact (SCRIGROUP Int. 2025 )