August 23, 2005 6:45 PM PDT

Zotob worm hole also affects Windows XP

The plug-and-play vulnerability that caused havoc for Windows 2000 users last week also holds a serious risk for some Windows XP users, Microsoft said Tuesday.

Computers running Windows XP with Service Pack 1 in a specific configuration are vulnerable to worm attacks similar to the ones that hit Windows 2000 systems, Microsoft said in a security advisory published Tuesday.

The Zotob worm and its offshoots, plus several other worms, downed Windows 2000 computers, including systems at ABC, CNN and The New York Times. All the worms exploited a security hole in the plug-and-play feature in Windows, for which Microsoft provided a fix earlier this month and which it rated "critical" for Windows 2000.

It was previously thought that only Windows 2000 machines were vulnerable to remote attack using the plug-and-play flaw. However, Microsoft in its security advisory on Tuesday specified one scenario that also exposes select Windows XP users.

Also vulnerable are systems that run Windows XP with SP1 with file and printer sharing and the Windows guest user account enabled, according to Microsoft. This would likely be home users, because PCs are not vulnerable if connected to a network domain, which is common in business environments, Microsoft said.

"This is a minor and narrow attack scenario," said Debby Fry Wilson, a director at Microsoft's Security Response Center. "However, because Windows 2000 customers were attacked last week, we wanted to take the extra precaution of offering customers this clarifying information."

The probability that there are many vulnerable systems out there "is very remote," Fry Wilson said. Most consumers have upgraded their Windows XP machines to Service Pack 2, she said. In businesses, where Windows XP SP1 is more common, computers are not vulnerable because they are typically connected to a domain, she said.

Microsoft was made aware of the Windows XP attack possibility by security vendor Symantec, Fry Wilson said. Microsoft urges users to apply the security patches it provided earlier this month. Also, Microsoft is not aware of any attack exploiting the plug-and-play flaw that targets Windows XP.

8 comments

Corp users with SP1 are not affected IF, there's a domain
So according to Ms. Fry at MSFT, the XP users who are to be
concerned would only be those who had Sys Admins who had
updated them to SP1, but of course wouldn't go up to SP2, and
are hopefully behind a domain. While they say the home users
would not be as likely to be affected because all the "smart"
home users had beaten the Corp. Sys Admins to the punch and
installed SP2 on their own, yeah right! According to MSFT, who
learned of this new XP hole from Symantec, there is not a big
window of vulnerability on XP, so long as you're in a domain, or
using SP2; that's for this week. What lies ahead for next week,
and next month on patch Tuesday is anybody's guess. Someone
ought to figure out a way to sue MSFT for negligence, they make
no effort to build a secure system, and check it themselves,
rather leaving it to the guinea Pigs, ie: Windows users, and
Symantec. Scary.
Posted by educateme (101 comments )
Not common?
"file and printer sharing and the Windows guest user account enabled"

Is this not the default configuration for a SP1 install?

In the initial release they mentioned "some older versions of XP"

some seems to imply > 1.
How many "older" releases of XP were there?

So they mean it impacts everything but XP SP2?

I will stick up for MS when I think they are correct, but if they are downplaying another vuln in XP SP1 then the media needs to fry them for it.

My brother is running a copy of XP SP1 Pro with many of the updates and he told me he has this worm and he needed my help. I didn't believe him because his install is hardly "older" but I think I will have to drive over and take a look eh.
Posted by Dachi (790 comments )
Worm Ridden Alphabet Soup
Were we not told by the MS faithful just last week that this
infection was limited to Win2k and limited in scope? Now
this worm issue affects run of the mill XP users not lucky enough
to be hiding behind a domain?

I am butt sick of taking guff off of MS zealots who downplay
every attack "scenario" as if we have ferns growing out of our
ears. Wake up and smell the festering infection. "Microsoft urges
users to apply the security patches it provided earlier this
month..." How about MS stops pushing its worm ridden
alphabet soup out to the general public? How about we stop
buying it?
Posted by cjohn17 (268 comments )
Here we go again...
Problems with XP SP1? Just install SP2 and stop whining.
Posted by aemarques (158 comments )
sp2 problem
SP2 is hardly without its problems ie compatibility. not everyone wants to upgrade to SP2 if it will affect the stability of their operating system. and what happens when zotob is modified to hit SP2 machines? what next? you have to wait for a patch and pray that you don't get slammed in the meantime. if you really want to be secure, use a real operating system such as linux and forget about the hundreds of security warnings MS users have to put up with.
Posted by Scott W (419 comments )
Why?
Why do Windows users, yes I include sys. admins and IT
"Professionals" in that, STILL cling to the misguided notion that
computers are supposed to work this way? There are computers
in the world that don't have this level of vulnerability.

Why would you accept this level of service? The answer is you
wouldn't if it were anything else. I knew immediately on hearing
about the "Win2k only" statement that it was only a matter of
time,...

Like the old joke goes, a 32bit patch for a 16bit OS built for an
8bit processor,...

No matter how many layers of GUI and patches MS piles on, this
is all Windows will ever be until they decide to break support for
all the crap and force developers to actually do some work by
re-writing the entire behemoth,....

Until then I watch these alerts with much amusement, and thank
god I saw the light 4 years ago, and no longer have to worry
about such things.

And before the flames begin, no I am not referring only to
Macintosh, but there are other OS's that this is equally true of,
the internet is mostly powered by them.
Posted by corelogik (211 comments )
Oh goody,
M$ has, yet again, assured me that I am safe. I feel so much better now.

For those of you not capable of identifying it (M$ zealots), that was sarcasm.
Posted by Nathan Lunn (113 comments )
 
