Microsoft downplays XP SP2 flaw claims

Discussion in 'other security issues & news' started by ronjor, Aug 19, 2004.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Jul 21, 2003
    Microsoft has won the first round against security researchers digging for flaws in its Windows XP Service Pack 2 (SP2), dismissing claims by German consultants to have identified vulnerabilities.

    Heise Security said that flaws in the configuration of XP after implementing SP2 could allow files to be downloaded onto a client PC without the user's consent by bypassing the new warning procedure for downloading files.

    But the researchers admitted these holes were mainly theoretical and that no code yet exists to exploit them anyway. Microsoft has said it does not consider the areas identified as issues that it would develop patches or workarounds to address.

    In a statement to the researchers the company said that it had investigated the report, but added: "We don't see these issues as being in conflict with the design goals of the new protections."

    Microsoft later told in a statement: "Microsoft has investigated these reports and is not aware of any instance in which an attacker could specifically bypass the service in email or a web browser to allow a malicious attacker access to a user's system.

    "As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources."

    Heise Security still recommends that users install SP2.

Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.