kronas
18-08-2004, 21:04
the introduction of windows xp service pack 2 has had security compaines testing the software for any bugs that they encounter.
two bugs have already been found:
With Service Pack 2, Microsoft introduces a new security feature which warns users before executing files that originate from an untrusted location (zone) such as the Internet.
There are two flaws in the implementation of this feature: a cmd issue and the caching of ZoneIDs in Windows Explorer. The Windows command shell cmd ignores zone information and starts executables without warnings. Virus authors could use this to spread viruses despite the new security features of SP2.
Windows Explorer does not update zone information properly when files are overwritten. So it can be tricked to execute files from the internet without warning.
source: heise.com
http://www.heise.de/security/artikel/50051
two bugs have already been found:
With Service Pack 2, Microsoft introduces a new security feature which warns users before executing files that originate from an untrusted location (zone) such as the Internet.
There are two flaws in the implementation of this feature: a cmd issue and the caching of ZoneIDs in Windows Explorer. The Windows command shell cmd ignores zone information and starts executables without warnings. Virus authors could use this to spread viruses despite the new security features of SP2.
Windows Explorer does not update zone information properly when files are overwritten. So it can be tricked to execute files from the internet without warning.
source: heise.com
http://www.heise.de/security/artikel/50051