dcsimg
 

Windows XP SP2 Has a Dangerous Hole

By Jay Munro  |  Posted 2004-08-25 Email Print this article Print
 
 
 
 
 
 
 

WEBINAR:
On-Demand

Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce


UPDATED: For home users, Windows Security Center in SP2 could actually leave the door open for a damaging system spoof, says PCMag.com.

Windows XP Service Pack 2 promises to raise the security bar for the sometimes beleaguered operating system. Unfortunately, one of the new features could be spoofed so that it reports misleading information about system security, or worse, lets a malicious program watch for an opportunity to do damage without being detected.

The feature is the Windows Security Center (Figure 1), which displays the status of the key elements of your defenses: firewall, updates and anti-virus. If your firewall has been disabled, or your anti-virus is out of date, that news will display here. The information is stored in an internal database managed by the Windows Management Instrumentation (WMI) subsystem built into Windows.

Based on an anonymous tip, PC Magazine looked into the WMI and the Windows Security Center's use of it, and found that it may not only be a security hole, but a crater.

Read the full article for more about details about how this hole may enable hackers to steal data, infect computers and turn them into zombies.

eWEEK.com Editor's Note: See Microsoft's response to this story


 
 
 
 
 
 
 
 
 
























By submitting your information, you agree that channelinsider.com may send you channelinsider offers via email, phone and text message, as well as email offers about other products and services that channelinsider believes may be of interest to you. channelinsider will process your information in accordance with the Quinstreet Privacy Policy.

 
 
 
 
 
 

Submit a Comment

Loading Comments...
























By submitting your information, you agree that channelinsider.com may send you channelinsider offers via email, phone and text message, as well as email offers about other products and services that channelinsider believes may be of interest to you. channelinsider will process your information in accordance with the Quinstreet Privacy Policy.

 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date