A friend sent me this:


Security Flaw in WindowsXP!

Just clicking on a malicious web page or reading an email (not even having to open attachment) can delete ANY files that someone wants to on your computer if you are running ANY version of XP.

FIX:

Delete or Rename the following file:

uplddrvinfo.htm

It is located in the PC Help Directory

Microsoft is not giving this info out because they are including the fix in SP1 and that can only be installed on “Legitimate” installations of ALL versions of WindowsXP. It is ALSO a pretty big update 30 - 140 MB and if you are on a dialup you are going to wait quite a while to download the whole update.



Microsoft Responds


I agree that, all other things being equal, the installation of the full Windows XP Service Pack 1 provides much more comprehensive protection than simply changing a single, easily exploited file. However, XPdite conclusively demonstrates that a huge and possibly problematic 30 to 140 megabyte download is not needed to quickly and easily resolve this gaping vulnerability. In other words, a small and lightweight interim Windows Update is what should have been done. (And notice that it still could and should be done.)

On that explanation page Microsoft writes: "Others have suggested that Microsoft should have released a patch in addition to including the fix in Service Pack 1. We did consider this as an option when we investigated the report. However, because of architectural details associated with Help and Support Center, building a patch for this particular issue would have required significant technology development. We concluded that by the time we could complete these changes and build a patch, Service Pack 1 would already be in customers' hands." . . . With all due respect, that's clearly not the truth. There was nearly a three month gap between their confirmation of this vulnerability and the release of Service Pack 1. My XPdite fix was born in less than a day and required a simple change to one .htm file.

I believe that someone at Microsoft was probably too busy dealing with the many demands they face, and they simply screwed up. Despite the crushing responsibility they carry, they're only human. At this point, liability concerns probably prevent Microsoft from admitting that they goofed. I imagine that they know that internally, but we'll never know whether they know, which makes trusting them just a little bit more difficult today than it was yesterday.

The take away-lesson from this is: We need to watch our own backs. Microsoft will do what it can, but that won't be enough. And when asked afterward what happened, they won't be able to tell us the truth.



http://grc.com/xpdite/xpdite.htm

They have more than just security flaws in Win XP - I have Pro. I had my new PC less than 2 weeks and it crashed (shoulda got a Mac). I still haven't been able to install my NIS 2002 (I can't even install another brand with firewall & utilities programs) & Lexmark X83 printer, copier, scanner (yes, I'm using another anti-virus). I'm contacting Lexmark about the uninstaller I downloaded from their site (which also uninstalled my Word, Excel, Help, and Search - I had to re-install and re-register with Microsoft).

Grrrrrrr!

I've got things running fairly smoothly now, but still have a few tweaks to do. Hopefully they'll get their acts together. Thanks for the post.

I have XP-PRO and noticed none of the above mentioned! A clean reofrmat of the HD and OS was all I needed! Cuz I made sure before I baught it everything was compadible and I mean everything!

http://www.microsoft.com/windows/catalog/catalogshell/shell.asp?subid=22

And with AT&T BroadBand obtaining SP1 was a snap! But a CD is also available so don't frett!

ivnj