- Related Stories
-
Windows worms knocking out computers
August 16, 2005 -
IE flaw opens door to infection on sight
August 9, 2005
Computers running Windows XP with Service Pack 1 in a specific configuration are vulnerable to worm attacks similar to the ones that hit Windows 2000 systems, Microsoft said in a security advisory published Tuesday.
The Zotob worm and its offshoots, plus several other worms, downed Windows 2000 computers, including systems at ABC, CNN and The New York Times. All the worms exploited a security hole in the plug-and-play feature in Windows, for which Microsoft provided a fix earlier this month and rated as "critical" for Windows 2000.
It was previously thought that only Windows 2000 machines were vulnerable to remote attack using the plug-and-play flaw. However, Microsoft in its security advisory on Tuesday specified one scenario that also exposes select Windows XP users.
Also vulnerable are systems that run Windows XP with SP1 with file and printer sharing and the Windows guest user account enabled, according to Microsoft. This would likely be home users, because PCs are not vulnerable if connected to a network domain, which is common in business environments, Microsoft said.
"This is a minor and narrow attack scenario," said Debby Fry Wilson, a director at Microsoft's Security Response Center. "However, because Windows 2000 customers were attacked last week, we wanted to take the extra precaution of offering customers this clarifying information."
The probability that there are many vulnerable systems out there "is very remote," Fry Wilson said. Most consumers have upgraded their Windows XP machines to Service Pack 2, she said. In businesses, where Windows XP SP1 is more common, computers are not vulnerable because they are typically connected to a domain, she said.
Microsoft was made aware of the Windows XP attack possibility by security vendor Symantec, Fry Wilson said. Microsoft urges users to apply the security patches it provided earlier this month. Also, Microsoft is not aware of any attack exploiting the plug-and-play flaw that targets Windows XP.
See more CNET content tagged:
Zotob worm, Microsoft Windows 2000, Microsoft Corp., security, service pack
concerned would only be those who had Sys Admins who had
updated them to SP1, but of course wouldnt go up to SP2, and
are hopefully behind a domain. While they say the home users
would not be as likely to be affected becuase all the "smart"
home users had beaten the Corp. Sys Admins to the punch and
installed SP2 on their own, yeah right! According to MSFT, who
learned of this new XP hole from Symantec, there is not a big
window of vulnerability on XP, so long as youre in a domain, or
using SP2; thats for this week. What lies ahead for next week,
and next month on patch Tuesday is anybodys guess. Someone
ought to figure out a way to sue MSFT for negligence, they make
no effort to build a secure system, and check it themselves,
rather leaving it to the guinea Pigs, ie: Windows users, and
Symantec. Scary.
Is this not the default configuration for a SP1 install?
In the initial release they mentioned "some older versions of XP"
some seems to imply > 1.
How many "older" releases of XP were there?
So they mean it impacts everything but XP SP2?
I will stick up for MS when I think they are correct, but if they are downplaying another vuln in XP SP1 then the media needs to fry them for it.
My brother is running copy of XP SP1 Pro with many of the updates and he told me he has this worm and he needed my help. I didn't believe him because his install is hardly "older" but I think I will have to drive over and take a look eh.
infection was limited to Win2k and limited in scope? Now the
this worm issue affects run of the mill XP users not lucky enough
to be hiding behind a domain?
I am butt sick of taking guff off of MS zealots who downplay
every attack "scenario" as if we have ferns growing out of our
ears. Wake up and smell the festering infection. "Microsoft urges
users to apply the security patches it provided earlier this
month..." How about MS stops pushing it's worm ridden
alphabet soup out to the general public? How about we stop
buying it?
"Professionals" in that, STILL cling to the misguided notion that
computers are supposed to work this way? There are computers
in the world that don't have this level of vulnerability.
Why would accept this level of service. The answer is you
wouldnt if it were anything else. I knew immediately on hearing
about the "Win2k only" statement that is was only a matter of
time,...
Like the old joke goes, a 32bit patch for a 16bit OS built for an
8bit processor,...
No matter how many layers of GUI and patchs MS piles on, this
is all Windows will ever be until they decide to break support for
all the crap and force developers to actually do some work by
re-writing the entire behemouth,....
Until then I watch these alerts with much amusement, and thank
god I saw the light 4 years ago, and no longer have to worry
about such things.
And before the flames begin, no I am not reffering only to
Macintosh, but there are other OS's that this is equally true of,
the internet is mostly powered by them.
- Oh goody,
- by Nathan Lunn August 24, 2005 9:29 AM PDT
- M$ has, yet again, assured me that I am safe. I feel so much better know.
- Like this Reply to this comment
-
(8 Comments)For those of you not capable of identifying it (M$ zealots), that was sarcasm.