Dizzy, SP2 has a problem. Anxious Microsoft releases a formal version of SP2, so look at it everywhere, did not expect. . . . Hey! I have never seen such a message!
Last week, Germany's HEISE Security announced that they have discovered two vulnerabilities existing in the Windows XP SP2 service package, which can be used by computer intruders to run executables. The first vulnerability: Generally, Microsoft's IE browser divides files into several security levels, called Zone IDs, all from the online files are set to level 3, IE does not allow automatic operation and open these files Or the warning will be reported when you open these files. However, HEISE research found that you can open these 3-level files directly from the Command Shell, which is directly opened in the command line environment without any warnings. Such viral authors can pack the virus into the command line of CMD / C Evil.exe to run directly, and cannot afford this attack in SP2. The second vulnerability: Still related to the vulnerability of the zone ID, because the storage file of the zone ID can only be hit three-level label directly from the message and online files, so when you copy and save the file locally, these files The security level is level 1, namely local security documents. In the case of unknowing, users have buried these "safe bombs" on their own computers. Thor Larholm, a senior security researcher at Pivx Solutions, said that more vulnerabilities in SP2 will be discovered. He said: "I am convinced that there will be more serious vulnerabilities in the next few weeks, and the viruses who use these vulnerabilities and escaping the SP2 defense system will also have a surface in the next few months." Larholm has discovered in the past few years. Many vulnerabilities in Windows XP and IE exists. Microsoft did not disclose whether they received a report of SP2 new vulnerabilities, but they said that the company's research team has previously investigated the various vulnerabilities that Larholm claims. Security experts also pointed out that Microsoft did not solve many known security issues in the SP2 service package. Eeye Digital Security Company's Chief Technology Officer Marc MAIFFRET, although the function of the firewall in SP2 has been perfected, but it still exists the same hidden dangers like other personal firewalls, that is, the program that can be performed by any local execution. The news that the vulnerability in SP2 will enable the company to upgrade Windows XP more. The main purpose of SP2 is to enhance the security of Windows XP in processing network data, programs, web browsing, and email. Since the emergence of the impact wave virus on August 11 last year, Microsoft has been more than a year of efforts, and finally introduced SP2 service packs. Microsoft President Bill Gates describes SP2 as the most free upgrade of Windows, the company has admitted that SP2 development has affected the progress of other projects, like Longhorn and so on.