|
Windows XP
Security Flaw:
Microsoft has released its first
service pack for Windows XP,
Service Pack 1 (SP1). SP1 has several security and reliability updates
for both Windows XP Home and Professional.
A service pack is Microsoft's method of updating the operating system.
Service packs are available for download at Microsoft's website. The
service pack is often a large file, and may take some time to
download. Microsoft has an express installation and a network
installation available. Each installation includes SP1. The former is
for single PCs, while the latter is for installation on multiple PCs.
* A new browser will open. When finished, just
close out of that browser to return to this page.
SP1 fixes a serious security hole in Windows XP. It is very important
to download and install SP1 to maintain the security of your computer.
Alternative to SP1:
If, for whatever reason, you don't or can't download SP1, there is an
alternative method to fixing the XP security hole.
The alternative solution involves renaming or deleting a file on your
system. Here are the steps.
-
Start a file search in Windows
XP.
-
Search for a file named
uplddrvinfo.htm
-
Once you've found the file,
delete it or rename it. Doing so will not hinder your
ability to use Windows XP.
Windows XP users unable to successfully install
the operating system's first service pack face a bad choice: an
unstable system or a vulnerable one with an extremely serious hole
that the newly released SP1 corrects. Now, a software developer has
released a freeware tool to block exploits of the previously
undisclosed flaw--even without SP1.
The flaw, described on a handful of security
message boards, relates to the operation of Windows XP's Help and
Support Center's "self healing" function. It could let a malicious
cracker delete files by remote access. The exploit could be easily
distributed as a URL in an e-mail or on a Web site.
Needed: Fast Fix
Microsoft has fixed myriad such potential hacks
through security patches. However, the company chose not to issue a
separate patch, and instead fixed this one only in SP1, recently
.
"We concluded that the best way to deliver the
fix was via [SP1]. This is in keeping with our long-held conviction
that service packs--not patches--are the delivery vehicle of choice
for security fixes," says a
Microsoft statement posted this week. A Microsoft spokesperson
verified the company will not release a separate security patch for
that specific bug.
This bug is unique, however, because security
researchers consider it to be "trivially easy" to exploit.
"It is such a huge threat--because it is
so trivially performed and so devastating to the unwitting user," says
Steve Gibson, a security expert and software developer who was one of
the first to speak out about the problem.
Gibson has published Xpdite, a
that patches Windows XP without requiring
use of SP1.
"It handily removes the vulnerability from any
Pre-SP1 XP system by replacing the dangerous script file [in XP] with
the safe replacement contained within Service Pack 1," Gibson says.
Slow Adopters
Installation problems are keeping some users
off SP1, but others are backing off for other reasons.
Many users who still have dial-up Internet
access say they don't have the patience to download the file, which
can be 137MB at maximum. The "express" installation involves 30MB of
code, which takes about 90 minutes to download with a 56-kbps modem
connection. In some cases, an ISP will automatically drop lines after
an extended download.
Microsoft offers Windows XP SP1 as a free
download, and will also send a CD containing the update for $10 plus
shipping fees.
Eventually, Windows XP users may have no choice
but to battle the gremlins in their own systems if they ever want an
operating system upgrade. Microsoft has said all future updates to
Windows XP will require that SP1 be installed.
CDHINES Computer Services LLC is
not responsible for any software you choose to download to fix this
security hole or any damage your computer may incur.
| 
