Microsoft plays down SP2 security glitches.

PositionSecurity News and Products - Brief Article

Glitches between Windows XP Service Pack 2 (SP2) and critical applications continue to emerge, with McAfee admitting its flagship VirusScan product prior to version 7.1 requires a customised patch to be operational with Windows ' Security Center, part of SP2.

McAfce also said its enterprise Desktop Firewall product requires a patch before it can function with Windows Security Center. Since it was released, activists have been searching for weaknesses in Microsoft's security--focused service pack. Microsoft has already dismissed claims by German researchers that they had found a flaw.

Now a group has claimed malicious code could bypass the new security procedures in XP by using the drag- and-drop features of Internet Explorer.

Consultant Secunia said researcher http-equiv has demonstrated that "the vulnerability is caused due to insufficient validation of drag-and-drop events issued from the internet zone to local resources". For example, this can be exploited by a malicious web site to plant an arbitrary executable file in a users startup folder, which will be executed the...

To continue reading

Request your trial