Guest Fortress

Major Security Flaw Found in Windows XP Help Center


From WINXPNEWS:

Ouch! There's a major security flaw in the Windows XP Help Center that allows just about anybody to delete files on your computer. All you have to do is open a Web page or an email that has the simple-to-create code in it and BAM! No more files. This is a real baddie! The problem is fixed with Windows XP SP1, but if you don't want to install SP1, you can still fix this problem. Here's how:

Open the Windows Explorer and go to the following folder:

WINDOWS\PCHEALTH\HELPCTR\System\DFS

Right click on the file uplddrvinfo.htm and click the Rename command. Rename the file to uplddrvinfo.htm.old

If you install any service packs or fixes after renaming the file, check the file again and make sure it doesn't return. If it does, just rename it again.

For more information on this problem, check out:
http://www.winxpnews.com/rd/rd.cfm?id=020917SE-Help_Center

====================

Edam speaking:

For a small file that will make the change for you, without having to apply that SP1, visit Steve Gibson's site at:
http://grc.com/xpdite/xpdite.htm

While you're there you might want to try "Shields Up" which will examine your Internet vulnerabilities.
https://grc.com/x/ne.dll?bh0bkyd2

Naturally, since many people have had problems with XP SP1, I don't agree with their recommendation to download and apply it, but Steve's little program (30k) will eliminate the threat.

I've run the program and have had no problems after doing so, but like anything else, use at your own discretion.

As an aside, take a look at that video by TechTV's Leo Laporte. It's a riot. He forgets the name of the file, and after fumbling around trying to find it, another guy has to run in and straighten him out.

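An added example, not part of any post in this thread: a small Python check for the workaround in the newsletter text above, which says to rename uplddrvinfo.htm in WINDOWS\PCHEALTH\HELPCTR\System\DFS and to look again after installing service packs or fixes in case the file returns. The function name, the return strings and the numbered .old1, .old2 suffixes are assumptions made for this sketch.

```python
import os
from pathlib import Path

# Folder (relative to the Windows directory) and file name from the newsletter text.
DFS_PARTS = ("PCHEALTH", "HELPCTR", "System", "DFS")
TARGET = "uplddrvinfo.htm"


def check_help_center_page(windows_dir, rename=False):
    """Report whether uplddrvinfo.htm is active under windows_dir.

    Returns "absent" (nothing to do), "present" (file found, left alone)
    or "renamed" (file found and renamed as the workaround describes).
    """
    dfs = Path(windows_dir).joinpath(*DFS_PARTS)
    if not dfs.is_dir():
        return "absent"
    # Windows file names are case-insensitive, so compare in lower case.
    hits = [p for p in dfs.iterdir()
            if p.is_file() and p.name.lower() == TARGET]
    if not hits:
        return "absent"
    if not rename:
        return "present"
    for page in hits:
        new = page.with_name(page.name + ".old")
        # If an update restored the page after an earlier rename, .old
        # already exists; pick a free name instead of overwriting it.
        n = 1
        while new.exists():
            new = page.with_name(f"{page.name}.old{n}")
            n += 1
        page.rename(new)
    return "renamed"


if __name__ == "__main__":
    # SystemRoot is the standard Windows variable; the fallback path is an assumption.
    root = os.environ.get("SystemRoot", r"C:\WINDOWS")
    print(check_help_center_page(root, rename=False))
```

Run it again after each service pack or fix; a result of "present" means the file has come back and needs renaming again.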

> Steve's little program (30k) will eliminate the threat

..or as you say, even simpler, just rename uplddrvinfo.htm to anything else. It's interesting to note that NONE of the individual download patches will fix this, only SP1

whey hey!! Hardware firewall and Norton I.S. does it again:

Your Internet port 139 does not appear to exist!

One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.

Unable to connect with NetBIOS to your computer.

All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

Port  Service  Status  Security Implications
21  FTP  Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
23  Telnet  Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
25  SMTP  Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
79  Finger  Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
110  POP3  Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
113  IDENT  Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
135  RPC  Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
139  NetBIOS  Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
143  IMAP  Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
443  HTTPS  Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
445  MSFTDS  Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
5000  UPnP  Stealth!  There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

Cheers,
Paul

Voted Best Virtual Airline of 2002 and Best CEO of 2002 by participants in the BIG VA Vote organized by FSPILOT.com
VANF "Best" New Virtual Airline Award
Officially licenced by British Airways plc for use of name and logo


>> Steve's little program (30k) will eliminate the threat
> ..or as you say, even simpler, just rename uplddrvinfo.htm to anything else.

Actually, I didn't say that, but either way will do.

> whey hey!! Hardware firewall and Norton I.S. does it again:

Yes, it's somewhat comforting to get those results. At least you know that you are safe from the "script kiddies," as long as your email is protected also.


> Right click on the file uplddrvinfo.htm and click the Rename command. Rename the file to uplddrvinfo.htm.old

...alright alright, you didn't say that.. but WINXPNEWS did! :-)

My mail is also protected, but the only thing I had to do 'pro-actively' is get xp-Antispy3E and close the UPNP port. Before I had a hardware firewall, I used NIS exclusively as my protection, and found that maybe in two or three hours of surfing I'd have maybe 10 intrusion/privacy/hack attempts. I haven't had a single attack reach my PC in the five weeks of using the HW firewall - and I tend to leave my PC on-line 24/7.

To (correctly this time) quote you: Yes, it's somewhat comforting to get those results.

Thanks for the 'comforting' link :-)

Cheers,
Paul


>> Right click on the file uplddrvinfo.htm and click the Rename command. Rename the file to uplddrvinfo.htm.old
> ...alright alright, you didn't say that.. but WINXPNEWS did!

BTW...I have NO idea how that newsletter ended up in my Hotmail Inbox, but it's the one and only good "spam" that I have ever received. I look forward to it each week.

(Disclaimer: I'm not saying that WINXPNEWS is spam, maybe someone knew that I could make use of it. It may have been one of my "forgetful" friends who forgot to mention that they sent it to me. Either way, I thank that anonymous person for doing so.)


He! I like your disclaimer! But seriously, I wonder how a great deal of what arrives in my hotmail inbox actually got there. I suspect Microsoft in certain underhand deals..........

Disclaimer: When I say 'underhand' I actually mean totally legitimate and to the common good. As anyone would.

Cheers,
Paul


> He! I like your disclaimer! But seriously, I wonder how a great deal of what arrives in my hotmail inbox actually got there. I suspect Microsoft in certain underhand deals..........

Nah, these spammers have a way of sending out multiple emails to similar type names on popular web-based accounts.

> Disclaimer: When I say 'underhand' I actually mean totally legitimate and to the common good. As anyone would.

You want to sell me a bridge, don't you? OK, where is it located? Heh...
