Windows XP SP2 has serious security hole

By Phantasm66
Aug 25, 2004
Topic Status:
Not open for further replies.
  1. Two stories in a row? SP2 seems to be on everyone's minds lately. Probably because we waited so long for it. But it looks like there is a serious security problem.

    The feature that has the hole is the Windows Security Center which displays the status of the key elements of your defenses: Firewall, Updates, and Antivirus. That's good, you say. And it is. But what's not good is that it appears that the Windows Management Instrumentation (WMI) which manages the database of these conditions could be spoofed, meaning that a user could think that their PC was secure, when in fact it was not. Microsoft have yet to issue a statement on the matter.
  2. Tutuca

    Tutuca Newcomer, in training

    I don't understand how people are still using an OS like MS Windows XP. It's a bunch of crap! It uses a LOT of hardware resources only to show "pretty colours and that kind of crap".
    And to top it off, now, what is supposed to fix security problems comes with a problem itself!!
    Microsoft is joking, right? It's a joke, right? Right!!!??
    Microsoft, impale yourself.
    I always recommend Linux or maybe Win98/2000.

    - Watch your language on these forums
    Didou
  3. aoj145

    aoj145 Newcomer, in training Posts: 90

    Obviously your OS of choice isn't advanced enough to include applications with spelling and grammar checking capabilities.

    Dude, count to ten and take a deep breath.... :p
  4. Tutuca

    Tutuca Newcomer, in training

    Sorry...

    Sorry for my bad English...
    And for my language...
    I speak Spanish...
    But Windows XP upset me... :D
  5. EvilKernel

    EvilKernel Banned Posts: 36

    I don't know what's worse, the fact that he made such cliche statements like "I recommend Linux..." or the fact that he bashed XP/MS to later end his post recommending Win98 and yes, Win2K, which was what XP was based on. LOL LOL

    This is the kind of post that makes you wish forums like these quizzed their members before joining.
  6. Didou

    Didou Bowtie extraordinair! Posts: 5,899

    Some people still prefer Windows 2000 over Windows XP, even though they are based on the same kernel.

    2K has "lower" system requirements & a few security points above XP.
  7. ---agissi---

    ---agissi--- TechSpot Paladin Posts: 2,382   +15

    is there a fix for this? and Tutuca, u can turn that stuff off u kno
  8. Well, I'm not very surprised to say the least...

    Why is anyone? I'm still a happy Win2K user, and yes GNU/Linux is a pretty secure system, however I find just the "plain" Linux to be quite lacking compared to 2K/XP :D
  9. MYOB

    MYOB Newcomer, in training Posts: 527

    This is news? Surely everybody *knew* there'd still be gaping holes after SP2 came out.
  10. LOL...wait until these hackers start tearing holes in Linux....then what are you guys going to cry about?

    XP rules.
  11. MYOB

    MYOB Newcomer, in training Posts: 527

    Nothing. I don't use Linux. Or XP.
     
  12. turn off WMI service.
  13. $oulo

    $oulo Newcomer, in training Posts: 79

    Here's what a friend of mine had to say about this.........

    "'I'd be extremely surprised if a malicious program could exploit the security center through WMI. WMI objects do have access controls on them, not just any process can access a WMI object like those used in the security center unless the objects are designed to be open like that.

    They do make an interesting point though, if the WMI objects for WSC *are* open, then yes, it'd be easy for a program to watch for when the system protection level drops down (if ever?). They're correct that antivirus or intrusion detection systems don't watch WMI accesses (at least none that I've worked with). So it would be a "low and slow" method for a bad program to watch and wait for an opportunity.

    Regardless, a malicious process would have to be started by you, so you'd have to be already vulnerable to a virus or be tricked into starting the process under your security context. It would also be interesting to see if the user has access to the WMI objects or if a system process has to access them for you.

    I'm going to send the link to a couple of people at MS and see what they have to say.

    EDIT:

    DOH! Right after I emailed a friend at MS, I read the follow up article:

    "To spoof the Windows Security Center WMI would require system-level access to a PC. If the user downloads and runs an application that would allow for spoofing of Windows Security Center, they have already opened the door for the hacker to do what they want. In addition, if malware is already on the system, it does not need to monitor WSC to determine a vulnerable point of attack, it can simply shut down any firewall or AV service then attack – no WSC is necessary"

    So like I said, you have to execute the malware to give it the proper access. The article is saying that putting all the security status information in an easily accessible form is a problem. Normal users want such information in an easily accessible form. Sometimes you can't win."
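
The question raised in the post above, whether the Security Center WMI objects are open to ordinary accounts, can be answered by reading the access control list on the WMI namespace. This is an added example, not part of the original thread; it assumes Windows PowerShell 5.1 and the namespace names `root\SecurityCenter` (XP SP2) and `root\SecurityCenter2` (Vista and later), which the thread does not state.

```powershell
# Added example: read-only audit of who may write to the Security Center
# WMI namespace. Run from an elevated Windows PowerShell 5.1 prompt.

# Assumption: Vista and later use root\SecurityCenter2; XP SP2 used root\SecurityCenter.
$Namespace = 'root\SecurityCenter2'

# WMI namespace access-mask bits (WBEM_* rights plus two standard rights).
$Rights = @{
    0x00001 = 'EnableAccount'
    0x00002 = 'ExecuteMethods'
    0x00004 = 'FullWrite'
    0x00008 = 'PartialWrite'
    0x00010 = 'ProviderWrite'
    0x00020 = 'RemoteEnable'
    0x20000 = 'ReadSecurity'
    0x40000 = 'EditSecurity'
}

# Any of these bits lets a trustee change stored status data or the ACL itself.
$WriteBits = 0x4 -bor 0x8 -bor 0x10 -bor 0x40000

function ConvertTo-RightNames([uint32]$Mask) {
    # Translate an access mask into a comma-separated list of right names.
    ($Rights.Keys | Sort-Object |
        Where-Object { $Mask -band $_ } |
        ForEach-Object { $Rights[$_] }) -join ','
}

# __SystemSecurity is the singleton that exposes a namespace's security descriptor.
$result = Invoke-WmiMethod -Namespace $Namespace -Path '__SystemSecurity=@' `
                           -Name GetSecurityDescriptor
if ($result.ReturnValue -ne 0) {
    throw "GetSecurityDescriptor failed on $Namespace (code $($result.ReturnValue))"
}

# One row per ACE; allow-ACEs carrying write bits sort to the top for review.
$result.Descriptor.DACL | ForEach-Object {
    [pscustomobject]@{
        Trustee  = '{0}\{1}' -f $_.Trustee.Domain, $_.Trustee.Name
        Type     = if ($_.AceType -eq 0) { 'Allow' } else { 'Deny' }
        Rights   = ConvertTo-RightNames $_.AccessMask
        CanWrite = ($_.AceType -eq 0) -and [bool]($_.AccessMask -band $WriteBits)
    }
} | Sort-Object CanWrite -Descending | Format-Table -AutoSize
```

Rows with `CanWrite` set for anything other than administrators or system accounts are the ones worth investigating, since those trustees could alter the status the Security Center reports.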
  14. What do you use then? Mac?

    What do you consider 'plain' Linux? 'Plain' Linux would be just a Kernel, and you can't do much with that. What people think of as Linux is the 'Linux Distribution' which includes a load of other open source software. Which distros have you tried anyway? Sounds to me like you either tried Linux way way way back in the day or you were using a minimalist distro. Minimalist distros are only good for high performance scientific calculations and servers because it cuts out a lot of the 'frills and lace' overhead so it can get the job done quicker (which Windows has no capability of doing). Would you go to work at a construction site in an Armani suit? The GUIs available for Linux can even be customized to look and work like anything that exists (Windows, Mac OS, etc...) or anything you can dream of.
  15. Did anyone bother to take note in the article that they have made proof of concept code? Look at figure two and the paragraph describing it.
  16. MYOB

    MYOB Newcomer, in training Posts: 527

    No. I do use some Apple made PowerPC hardware, but I use BeOS.
  17. I was being ironic, sorry, I have used Debian/Knoppix and Red Hat
  18. young&wild

    young&wild TechSpot Chancellor Posts: 1,268

    Not a surprise to see SP2 having serious security holes.
     