Windows Security Bulletin

SECURITY ALERT:
If you use Windows XP your system is vulnerable to a very simple attack that could let any hacker delete all the files in any directory by embedding a short invisible command in a web page or HTML email. I’ve demonstrated the attack on The Screen Savers and it’s incredibly easy to implement and totally destructive. It’s one of the most serious security flaws I’ve ever seen.

Microsoft has remained completely silent on this, even though they’ve apparently known about it for 11 weeks. The potential for harm is so great that they and the entire computer security establishment have kept the hole a secret. It’s called “security through obscurity” and, in my opinion, it’s the worst possible way to protect your system.

The short-term fix is to delete or rename a file on your system named c:\windows\PCHEALTH\HELPCTR\System\DFS\uplddrvinfo.htm. A better long-term solution is to install the Windows XP Service Pack which Microsoft made available yesterday. It’s a fairly big download, over 50 megs on my fully updated system, but it presumably fixes other security flaws we don’t know about.

Steve Gibson has written about this flaw and it was the subject of a security bulletin on Bugtraq.

This is one more reason I’m no longer recommending Windows machines to my family and friends. Microsoft’s security model is so severely flawed that I believe it’s impossible for them to make a secure version of the OS. Use Mac OS X instead. It’s not perfect, either, but it’s much less susceptible to this sort of thing.

And if you use XP, please run Windows Update and install SP-1 as soon as possible. Now that the word’s out I expect to see this exploit all over the place.

81 Replies to “Windows Security Bulletin”

  1. Just a heads up for those who need it. If your copy is not registered
    with MS you can DL and install all the security patches but not the
    file named Service Patch one. Then go to http://www.grc.com and get XPdite.
    This will update “uplddrvinfo.htm” with the fix. You should then be
    OK and still not have to reg your VL-Copy.

  2. Thanks for the info concerning the Windows XP security hole. Needless to say, the first thing I did when I got to the office this morning was to email “quick-fix” instructions to the XP users in our company.
    It’s a shame that most of the general populace won’t be alerted to this threat until it’s too late to do anything about it. I found the destructive HTML code on the web after only fifteen minutes of searching. The bad peeps are going to have a field day with this one.
    Thanks for making technology fun!
    Best wishes,
    DMannnxx

  3. Let’s all face it, XP is flawed, but it’s a good time to share some advice my grandfather gave to me about cars: “never buy the first year of a model.” He always gave them time to get them right. Now maybe if people would remember that instead of running to the store to buy XP.
    The reason 98 works now is they fixed the problems years ago.
    Leo, keep up the good work

  4. I seem to be noticing a theme here – that people think that the only reason people are finding more security holes in XP / Windows in general than in MacOS X is that no one’s looking for them in MacOS X.
    It couldn’t be that Apple based their new OS on a well-established foundation that has undergone years of refinements, versions of which are considered to be the gold standard in computing security, could it?
    No, of course not – how could Microsoft be wrong? Microsoft, who controls most of the market? The majority is never wrong. Just like when people believed that the stars revolved around the Earth.
    Folks, the issue here is not that there’s another security hole in XP – well, that’s part of the issue, but the real issue is that it took Microsoft 11 WEEKS to issue a fix. 11 weeks. If Ford knew that some of their steering wheels could come undone while driving, and could fix it by tightening some bolts, but told no one for 11 weeks, what would you say then?
    Maybe a bit melodramatic, but I think you get my point. And I have no doubt that if Apple had sat on something like this for 11 weeks, people would be all over them.

  5. After viewing the Screensavers and the frankness of Leo in reporting this, I was upset at Microsoft for not releasing a small patch to fix this glaring hole much earlier. I am not sure I totally agree with Leo on the best thing is to download SP1 to “solve all the problems” (my quote). Having downloaded service packs before, I have learned the hard way to NEVER be the “beta” group for Microsoft’s test upgrades until all the bugs are worked out. Seeing that this SP1 has many other things built in such as Digital Millennium Copyright Act garbage in it that should not be the purview of Microsoft to monitor but should be between the person who has the copyrighted item and the individual to mediate.
    Having said this I am looking much closer into Linux as a permanent replacement for my PC’s. Keep up the great work, Leo

  6. Sorry, new here…
    Seems I got the ‘broken’ Internet Connection problem with SP1 as some others have mentioned, is there any way to ‘fix’ this without removing SP1? I’m just waiting on Linux 8.0 to switch over, but for now I’d like to be able to use my computer. 😛

  7. Thanks Leo,
    I am glad to see someone out there recommending something beside Microsoft Products. This is just one of the many reasons I have outlawed Microsoft at my house. (Except for my laptop that my work insists on standardizing on but I put a Linux partition on it anyway)
    I have three computers at home (Pentium 233 MMX, Pentium 100, and a 486 that is strictly a firewall) and my wife uses the Pentium 100 and I have put Linux on there and use ICEWM window manager for her and she is fine with it and it has actually worked faster for her than when Windows 95 was on there. I put Netscape and Mozilla on there and WordPerfect for Linux and she was off and running. She also uses Flash and RealVideo to view video off the internet.
    The first big reason I outlawed Windows was I had it on the Pentium 100 and I was always working with it either defragging, anti-virusing, or rebooting to get memory back. Since I put Linux on there I have not touched it or done one maintenance item on it. I have automated my patching, which gets it once a week and sends me an email. This is how computing is supposed to be. I don’t want to be a slave to my computer and I should not have to do so much maintenance just to make sure that it is functional for my wife to use.
    Of course the Pentium 233 is mine and running Linux and a web server that I can securely connect to from anywhere in the world that has a browser or ssh on it.
    This is what computing is supposed to be – they are there to serve a purpose and for us to enhance our lives – not take over our lives.
    If I ever buy a new pc you can bet it will be a Mac or a company that sells Linux on their hardware.
    – thanks again

  8. I have had XP since July 2001 (Beta Testing) and have never had a crash. The only problem I have had with SP1 is that I could no longer gateway thru my parent’s computer to connect to our cable connection. I uninstalled it and (20 minutes later) was able to re-set-up the gateway on the first try. Just a warning for that for the rest of the world…

  9. I downloaded SP1 as soon as it was released. Thank goodness I had the presence of mind to create a restore point just before doing so. I lost my wallpaper, my shortcuts quit working, and for that matter, no links would click through, and finally, I lost my ability to connect to the internet. I restored the system and deleted SP1, but I still have freeze ups and crashes that I didn’t before.
    Should I change the file you’re talking about, or just back up my files and hope for the best? I’m almost afraid to do anything else to it!

  10. People, wake up: if you’re going to find a hole in something, why waste your time with something that only 3% of the world is using? Go for the whole and get everyone.

  11. Windows XP is new for the consumer. Eventually a more secure OS will succeed it. In the meantime, keep in mind, while you may think Microsoft has a strangle hold on the industry, it may very well have. Making it popular for programs with lots of variety and moderately affordable.
    I have no doubt it is imperfect but I also concede that nothing is. I’m sure that any OS Including Mac X can be exploited as a flawed operating system. I have zero computer skills in programming but I’ll bet you this. OS’s are compilations of computer language and jargon made to work under a variety of conditions with hardware and software.
    Not an easy task. Right now Microsoft is under the scope as always. But put any other operating system to the test and see how it fares. With a slew of hackers and computer buffs attacking Mac X, Linux, and so on. You’ll see it’s just impossible to be secure.
    The holes in Windows were never there, they were created, made and found by ingenuity. They are not holes, they’re oversights not thought of during the creation process. Is it bad? YES. Can it be avoided? NO. Not without a lifetime of testing and a little bit of perfection.

  12. All the more reason to make the switch to Linux:
    1. No glaring security holes you could drive a big rig through
    2. No updates hosing your system totally
    3. No draconian EULA’s.
    Me likes the penguins.

  13. Is it just me or are there more virtual memory warnings now that the service pack is installed? Before SP1, I never once got a warning in the lower right. Now it is daily.

  14. Thanks Leo for confirming my thoughts. I reached that same conclusion in June after downloading bug and security patches for 12 years. I went and bought a Power Mac and I have never been happier with a computer. This despite the fact that I had to learn a new OS. It’s easier to use, its color control is better and it’s faster for dealing with photos than Windows ever was.
    In addition to all that, it contains basic programs like iTunes, iDVD, iPhoto, and just about anything you could ask for. I fully understand why so many Mac users are fanatics.

  15. Windows is all together a wide open system with like no security at all. Hail the daemons and penguins.

  16. I need a patch file for The Sims. The patch MUST enable me access to the game from a pirated CD. Does anyone have this file? Don’t send it to my email as I have enabled High security on my junk mail filter and it will not come through. Try sending it @: Tomrogers@mail.com. I hope you are successful as it says in your description at google.com!!!!!!

  17. Isn’t it Ironic that uplddrvinfo.htm, the file that can help harm your system, is in a subfolder of a folder called PC Health.

  18. Thanks for the 4+ hour download Microsoft… Thanks for the heads up leo!!!
    Love the show, keep up the great work. Whatever happened to the National Radio show with Premiere Radio Network?

  19. Yeah, the hole kills files with Mozilla as well. I used the hole to delete the file to patch itself like the Bugtraq site suggested.. with Mozilla 1.0.. and it deleted it. Ouch.

  20. This makes me think that I should hold on for another couple of months before I “upgrade” to Windows XP.
    I saw the segment on TSS about WinXP, and it certainly gave me much to think about in terms of my upgrading plans.
    Thanks for the info, Leo!

  21. Thanks a lot, Leo. Right after your show I changed it, then someone sent me a URL; I went to it and it was the XP security flaw thing. If I did not change it my system would be GONE! Thanks
    P.S. – Tell Morgan that I still love her, why won’t she answer my e-mails… just like Martin and Leonard Nimoy (however you spell his name) 🙂
    Tell Morgan to email me, bye
    Aaron

  22. Thanks Leo!
    You are here to help us who are trapped with PC’s. However I will not switch to a Mac. I’m too used to PC’s that I refuse to invest in a Mac. I might consider switching if Apple makes OSX available on PC’s.
    RC – It’s just my opinion – So Relax

  23. Being in the security/Digital Rights/Digital Property business, I personally think it was just a move to force people to buy a valid license of the OS. Think about it… you can’t fix this horrible hole if you have an illegal copy of the OS, now go and buy the real one and give Bill more money. The man is just trying to protect his company’s best interest… it’s money.

  24. Leo, when I voted on thescreensavers.com’s poll about your heads-up, the public opinion was overwhelmingly clear. It was skewed to about 15% who thought you did the right thing, versus 85% who said you did the wrong thing. This baffles me. I don’t use Windows XP, but if I did I would be immensely grateful. I’m grateful you’re out there doing what you do already, but given this form of vulnerability one would think the public would appreciate your tip. I’m on a 56k dial-up, it would be a miracle if I actually completed a download the size of SP-1, & even if I had a faster connection, my paltry 2 gig drive is already packed to capacity. SP-1 would not be an option for me, if I were an XP user, your quick-fix would be my only means of defense. Thanks.

  25. Hi Leo
    After downloading Service Pack 1 on two of our in-house machines we found that we could no longer use 1 of 2 e-mail accounts on each of the machines.
    Both machines running win XP home and using Outlook Express.
    Although it did not totally remove the accounts it did do enough to hide the accounts to the point that most users would have never found it.
    Quite a nice fix ONCE AGAIN ! Yet after downloading 30 megs of junk just to find out it was going to trash something else………….
