'10 new XP SP2 flaws' revealed

A security company has warned that hackers can 'silently and remotely take over any SP2 machine', but Microsoft has rubbished the claims
Written by Jo Best, Contributor
Security firm Finjan has found 10 flaws in Windows XP SP2 -- while Microsoft is saying the warnings are over the top.

According to the security company, the flaws mean that "attackers can silently and remotely take over an SP2 machine when the user simply browses a web page".

Finjan has informed Microsoft of the flaws and is working with the Redmond, Washington-based giant to sew them up. The company won't provide any details about the flaws, which have yet to be patched, in case it helps hackers and virus writers start work on exploiting the vulnerabilities before Microsoft issues any potential fix.

However, Finjan did give details of what kind of attack the flaws could be used to launch.

One, according to the company, would allow hackers to remotely access users' local files, by compromising a feature that disallows remote web pages access to local file apart from by downloading a file.

Another flaw could let hackers bypass XP SP2's notification mechanism about downloading and execution of .exe, which could let them download files without warning the user.

Microsoft, however, isn't hitting the panic button just yet.

A Microsoft spokeswoman said "Microsoft is aware of the claims by Finjan Software of possible vulnerabilities in Windows XP SP2. At this time, Microsoft cannot confirm Finjan’s claims of 'ten new vulnerabilities' in Windows XP SP2. Moreover, Microsoft is currently unaware of active attacks against customers attempting to utilise the alleged vulnerabilities as reported by Finjan."

"Our early analysis indicates that Finjan’s claims are potentially misleading and possibly erroneous regarding the breadth and severity of the alleged vulnerabilities in Windows XP SP2," she added.

Microsoft is investigating the claims and will issue a fix if necessary.

Editorial standards