Service Pack to Fix Service Pack?!
Bugs, Exploits Dog XP SP2 (E-Week.com)
Microsoft Corp. has issued a hotfix for Windows XP Service Pack 2 to solve a problem about which many users have complained: programs that attempt to connect to loopback addresses other than 127.0.0.1 get error messages.
The problemÃ¢€”one of several that have appeared in the newly released SP 2Ã¢€”has been reported by many VPN users since Microsoft introduced the second release candidate in June. However, since it is a hotfix, it is not fully supported. It is expected that Microsoft will issue a more permanent fix in the future.
Meanwhile, security researchers are reporting a new vulnerability in SP2 that could allow a malicious Web site to deposit an attack program on a user’s system.
The attack utilizes Internet Explorer’s drag-and-drop features and the Windows “shell folders” to copy an executable from a malicious Web site to a user’s startup folder, from which it would execute the next time the user logged on. The researcher who reported the problem to security mailing lists provided proof-of-concept code that leaves a file named “malware.exe” in the user’s startup folder.
Umm: Not good.