Author Topic: Another MS security problem arises  (Read 2191 times)

preacher

« on: 17 October 2002, 14:10 »
******************
Microsoft Security Bulletin MS02-060: Flaw in Windows XP Help and Support Center Could Enable File Deletion (Q328940)

Title: Flaw in Windows XP Help and Support Center Could Enable
File Deletion (Q328940)
Date: 16 October 2002
Software: Microsoft Windows XP
Impact: Delete files on the user's system
Max Risk: Moderate
Bulletin: MS02-060
 
A security vulnerability is present in the Windows XP version of Help
and Support Center, and results because a file intended only for use
by the system is instead available for use by any web page. The
purpose of the file is to enable anonymous upload of hardware
information, with the user's permission, so that Microsoft can
evaluate which devices users are not currently finding device drivers
for. This information is then used to work with hardware vendors and
device teams to improve the quality and quantity of drivers available
in Windows. By design, after attempting to upload an XML file
containing the hardware information, the system deletes it.
******************

So simply put MS "SPYWARE" has put its users in danger. Why does MS need to upload your hardware info, or any of your info anywhere from your pc without your permission? What else are they uploading? Your mailing address, so they can better serve you by selling it to computer manufacturers so they can flood you with junk mail. Better yet, they should just take your credit card number off of your pc, then upload new versions of MS products right onto your pc, and then you can be pleasantly surprised when you get the bill.
Kansas City Hustle
http://kansascity.cjb.net

Pantso

« Reply #1 on: 17 October 2002, 15:57 »
I think they fixed that in SP1 but nonetheless it's a terrible flaw just like any other flaw that arises from that pitiful excuse of an OS   :D

Zombie9920

« Reply #2 on: 17 October 2002, 17:55 »
quote:
Originally posted by ThePreacher:
******************
Microsoft Security Bulletin MS02-060: Flaw in Windows XP Help and Support Center Could Enable File Deletion (Q328940)

Title: Flaw in Windows XP Help and Support Center Could Enable
File Deletion (Q328940)
Date: 16 October 2002
Software: Microsoft Windows XP
Impact: Delete files on the user's system
Max Risk: Moderate
Bulletin: MS02-060
 
A security vulnerability is present in the Windows XP version of Help
and Support Center, and results because a file intended only for use
by the system is instead available for use by any web page. The
purpose of the file is to enable anonymous upload of hardware
information, with the user's permission, so that Microsoft can
evaluate which devices users are not currently finding device drivers
for. This information is then used to work with hardware vendors and
device teams to improve the quality and quantity of drivers available
in Windows. By design, after attempting to upload an XML file
containing the hardware information, the system deletes it.
******************

So simply put MS "SPYWARE" has put its users in danger. Why does MS need to upload your hardware info, or any of your info anywhere from your pc without your permission? What else are they uploading? Your mailing address, so they can better serve you by selling it to computer manufacturers so they can flood you with junk mail. Better yet, they should just take your credit card number off of your pc, then upload new versions of MS products right onto your pc, and then you can be pleasantly surprised when you get the bill.




*The
purpose of the file is to enable anonymous upload of hardware
information, with the user's permission, so that Microsoft can
evaluate which devices users are not currently finding device drivers
for.*

Nuff said, it only uploads the info with user permission. So how is that spyware? The only reason MS wants to get a larger database of commonly used unsupported by Windows default drivers hardware is so they can include more drivers in future SPs and future releases of Windows (therefore making the users Out Of the Box experience better).

Calum

« Reply #3 on: 17 October 2002, 17:58 »
bollocks.

gods, you are gullible, zombie. what if you want to disable this "feature"? do you automatically give your "permission" by "accepting" the microsoft windows end user licence agreement?

also the fact remains that it is a fucking security liability that could have been fixed a year ago if windows was open source.

dumbass.

[ October 17, 2002: Message edited by: Calum ]


Doctor V

« Reply #4 on: 18 October 2002, 08:58 »
For real, once you sign the EULA you give M$ the right to do whatever with your comp they want.  Looking at M$'s record, why would anyone in their right mind believe they are going to use this hidden system code to help people get what they want.  You pro-M# pro-RIAA people are tards.

V

Master of Reality

« Reply #5 on: 19 October 2002, 20:14 »
you must open a popup with a certain URL in it, then the user must close it and everything on wherever you specify in the url will be deleted. You must do a special URL though. I can't remember it.
Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

Fett101

« Reply #6 on: 19 October 2002, 21:24 »
It would be something like this.

 hcp://system/DFS/uplddrvinfo.htm?file://c:\windows\PCHEALTH\HELPCTR\System\DFS\uplddrvinfo.htm

But ironically enough, clicking that would delete the exploit.
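
A defender-side check for the pattern discussed in this thread, as an added example that is not part of any post above and not Microsoft's code: it scans web content (for instance a proxy or mail gateway capture) for `hcp://` links and flags those that reach the `uplddrvinfo.htm` page named in the bulletin discussion, including percent-encoded and mixed-case variants. The URL shape is taken from Reply #6; the sample markup is constructed, and `placeholder.htm` is a hypothetical page name used only as a non-matching case.

```python
import html
import re
from urllib.parse import unquote

# hcp:// is the URL scheme handled by Windows XP Help and Support Center.
HCP_URI = re.compile(r"hcp://[^\s\"'<>]+", re.IGNORECASE)
FLAGGED_PAGE = "uplddrvinfo.htm"  # system-only page named in this thread

# Constructed sample markup; the hcp:// URL is the one quoted in Reply #6.
SAMPLE = r'''
<a href="http://example.com/help">ordinary link</a>
<a href="hcp://system/DFS/uplddrvinfo.htm?file://c:\windows\PCHEALTH\HELPCTR\System\DFS\uplddrvinfo.htm">x</a>
<iframe src="HCP://system/DFS/%75plddrvinfo.htm?file://c:\windows\PCHEALTH\HELPCTR\System\DFS\uplddrvinfo.htm"></iframe>
<a href="hcp://system/sysinfo/placeholder.htm">hypothetical other help page</a>
'''


def scan(markup):
    """Return one finding per hcp:// URI found in the markup.

    Each finding records the URI as it appeared, whether it targets the
    flagged page, and the argument after '?' (the file the page would act on).
    """
    findings = []
    # Undo HTML entity encoding first so entity-obscured URIs still match.
    for match in HCP_URI.finditer(html.unescape(markup)):
        raw = match.group(0)
        # Undo up to two layers of percent-encoding before comparing.
        decoded = unquote(unquote(raw))
        page, _, argument = decoded.partition("?")
        flagged = page.lower().endswith("/" + FLAGGED_PAGE)
        findings.append({"uri": raw, "flagged": flagged, "argument": argument})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE):
        status = "ALERT" if f["flagged"] else "info "
        print(status, f["uri"], "->", f["argument"] or "(no argument)")
```
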