Service Pack to Fix Service Pack?!

POPULAR TAGS

Service Pack to Fix Service Pack?!

James Joyner | Thursday, August 19, 2004

Microsoft Corp. has issued a hotfix for Windows XP Service Pack 2 to solve a problem about which many users have complained: programs that attempt to connect to loopback addresses other than 127.0.0.1 get error messages.

The problemâone of several that have appeared in the newly released SP 2âhas been reported by many VPN users since Microsoft introduced the second release candidate in June. However, since it is a hotfix, it is not fully supported. It is expected that Microsoft will issue a more permanent fix in the future.

Meanwhile, security researchers are reporting a new vulnerability in SP2 that could allow a malicious Web site to deposit an attack program on a user’s system.

The attack utilizes Internet Explorer’s drag-and-drop features and the Windows “shell folders” to copy an executable from a malicious Web site to a user’s startup folder, from which it would execute the next time the user logged on. The researcher who reported the problem to security mailing lists provided proof-of-concept code that leaves a file named “malware.exe” in the user’s startup folder.

Umm: Not good.

About the Author: James Joyner is the publisher of Outside the Beltway and the managing editor of the Atlantic Council. He's a former Army officer, Desert Storm vet, and college professor with a PhD in political science from The University of Alabama. He lives just outside the Beltway in Alexandria, Virginia with his wife and infant daughter.

Follow James on FriendFeed | Twitter | Digg