-----Original Message-----
From: UNIRAS (UK Govt CERT)
Sent: 12 September 2002 11:07
To: [EMAIL PROTECTED]
Subject: UNIRAS Brief - 311/02 - AusCERT - Serious Vulnerability Fixed in Microsoft Windows XP Service Pack 1

-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
UNIRAS (UK Govt CERT) Briefing Notice - 311/02 dated 12.09.02 Time: 11:00
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ----------------------------------------------------------------------------------
UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====
AusCERT Security Advisory:
Serious Vulnerability Fixed in Microsoft Windows XP Service Pack 1

Detail
======

*** BEGIN PGP VERIFIED MESSAGE ***

AusCERT Update AU-2002.007 - Serious Vulnerability Fixed in Microsoft Windows XP Service Pack 1
12 September 2002

AusCERT has been made aware of a serious vulnerability in Windows XP's Help and Support Center that can allow deletion of arbitrary files from a Windows XP system.

The vulnerability can be exploited simply by using the hcp (Help Center Protocol) pluggable protocol in a web link to the Uplddrvinfo.htm file, stored locally on Windows XP machines. The exact exploit will not be included in this update, however it is simple and requires only that a user follow such a link from any HTML page - either via a local file, in an email message or on the web.

The Windows XP Service Pack 1 contains the fix for this vulnerability, and AusCERT strongly recommends that any members using Windows XP assess their situation and install the service pack if feasible.

Advanced Windows XP users who do not wish to install the service pack may deregister the hcp pluggable protocol, however this will also disable parts of the Help and Support Center.

To deregister the hcp pluggable protocol, use the Registry Editor (regedit.exe) and browse to the key:

    HKEY_CLASSES_ROOT\hcp\shell\open\command

Create a new string data item called DefaultBackup, and give it a value equal to that of the (Default) data item. Then set the (Default) data item's value to the empty string.

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. AusCERT cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Further information on this vulnerability can be found at:

    Knowledge Base Article Q328940
    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q328940

and information on getting Windows XP Service Pack 1 can be found at:

    Knowledge Base Article Q322389
    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q322389

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane Qld 4072

Internet Email: [EMAIL PROTECTED]
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only.
===========================================================================

*** END PGP VERIFIED MESSAGE ***

- ----------------------------------------------------------------------------------
For additional information or assistance, please contact the HELP Desk by telephone or Not Protectively Marked information may be sent via EMail to: [EMAIL PROTECTED]

Tel: 020 7821 1330 Ext 4511
Fax: 020 7821 1686
- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of AusCERT for the information contained in this Briefing.
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some of the information may have changed since it was released. If the vulnerability affects you, it may be prudent to retrieve the advisory from the canonical site to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by UNIRAS or NISCC. The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors or omissions contained within this briefing notice. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk
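
The registry workaround described in the advisory, scripted so it can be applied consistently and reversed once Service Pack 1 is installed. This is an added example, not code from AusCERT, UNIRAS or Microsoft; the function names are hypothetical, and two things go beyond the advisory's wording: the restore step, and the backup keeping the original value's registry type so that an expandable string survives a later restore.

```powershell
# Added example (not AusCERT's or Microsoft's code); function names are hypothetical.
# Run elevated: writing under HKEY_CLASSES_ROOT needs administrator rights.
$SubKey   = 'hcp\shell\open\command'
$NoExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

function Open-HcpCommandKey {
    # Writable handle to HKEY_CLASSES_ROOT\hcp\shell\open\command, or $null if absent.
    [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey($SubKey, $true)
}

function Disable-HcpProtocol {
    $key = Open-HcpCommandKey
    if ($null -eq $key) { return 'hcp handler not registered' }
    try {
        # '' names the (Default) data item; read it without expanding %VARIABLES%.
        $current = $key.GetValue('', $null, $NoExpand)
        if ([string]::IsNullOrEmpty($current)) { return 'already deregistered' }
        if ($null -ne $key.GetValue('DefaultBackup')) {
            # Never overwrite an earlier backup: it may be the only good copy.
            return 'DefaultBackup already exists; nothing changed'
        }
        # Step 1: copy (Default) to DefaultBackup, keeping its value kind (assumption).
        $key.SetValue('DefaultBackup', $current, $key.GetValueKind(''))
        # Step 2: set (Default) to the empty string so hcp: links launch nothing.
        $key.SetValue('', '', [Microsoft.Win32.RegistryValueKind]::String)
        return 'deregistered; original command saved in DefaultBackup'
    } finally { $key.Close() }
}

function Restore-HcpProtocol {
    # Inverse of the workaround, for use after the service pack is installed.
    $key = Open-HcpCommandKey
    if ($null -eq $key) { return 'hcp handler not registered' }
    try {
        $backup = $key.GetValue('DefaultBackup', $null, $NoExpand)
        if ([string]::IsNullOrEmpty($backup)) { return 'no DefaultBackup to restore' }
        $key.SetValue('', $backup, $key.GetValueKind('DefaultBackup'))
        $key.DeleteValue('DefaultBackup')
        return 'restored'
    } finally { $key.Close() }
}
```

Each function returns a status string, so the result of Disable-HcpProtocol can be logged per machine when the workaround is rolled out across several hosts.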