Windows XP SP2 Has a Dangerous Hole

By Jay Munro  |  Posted 2004-08-25 Email Print this article Print


Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce

UPDATED: For home users, Windows Security Center in SP2 could actually leave the door open for a damaging system spoof, says

Windows XP Service Pack 2 promises to raise the security bar for the sometimes beleaguered operating system. Unfortunately, one of the new features could be spoofed so that it reports misleading information about system security, or worse, lets a malicious program watch for an opportunity to do damage without being detected.

The feature is the Windows Security Center (Figure 1), which displays the status of the key elements of your defenses: firewall, updates and anti-virus. If your firewall has been disabled, or your anti-virus is out of date, that news will display here. The information is stored in an internal database managed by the Windows Management Instrumentation (WMI) subsystem built into Windows.

Based on an anonymous tip, PC Magazine looked into the WMI and the Windows Security Center's use of it, and found that it may not only be a security hole, but a crater.

Read the full article for more about details about how this hole may enable hackers to steal data, infect computers and turn them into zombies. Editor's Note: See Microsoft's response to this story



Submit a Comment

Loading Comments...

Thanks for your registration, follow us on our social networks to keep up-to-date