- Worldstart's Tech Tips And Computer Help - http://www.worldstart.com -

Two Windows XP Vulnerabilities

A Tale of Two Vulnerabilities

It was the best of browsers, it was the worst of browsers…

On November 17, a Danish security firm discovered two Windows XP vulnerabilities: one was with SP2 and the other with Internet Explorer 6. Both were found on systems that were completely up-to-date (scary). These two exploits basically trick the Security Center and IE into thinking that the sites you may be viewing are completely safe. The first exploit uses special headers to fool an SP2 option that is meant to stop potentially harmful downloadable files; the exploit stops the usual SP2 security warning, making the HTML code look normal and safe. The second vulnerability has to do with a JavaScript save exploit, which can fake the file extension in an HTML document in order to hide its own. So what does all this jargon mean? Basically, that a website can potentially fool users into downloading malicious code that they think is a legitimate HTML document.

Microsoft says it is diligently researching this issue and will take the appropriate action to stop any susceptibility within their programs. Until then, here are a couple of things you can do to ensure that you're not duped by an unscrupulous HTML page:

1. Disable Active Script Support. You can do this from your IE interface. Simply go to Tools/Options/Security/Internet, then find and disable “Active Script Support”.

2. Uncheck “Hide file extensions for known file types”. This needs to be done in Windows. Go to Start/Control Panel and select “Tools” from the top of the window, select “Folder Options”, then click the “View” tab. From there, scroll down until you see the option to “Hide extensions for known file types” and make sure it’s unchecked.

3. The other thing you can do is use another browser, such as Firefox.

This should take care of it until Microsoft comes out with a patch. This is a newly discovered vulnerability and is really nothing more than a delivery method for potential viruses. So keep your IE buttoned up tight, and you should be fine.
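To show why step 2 matters, here is an added example (not part of the original article) that audits a list of file names for ones that look like documents when extensions are hidden but are really executable. The extension lists, the simplified model of how a hidden-extension view shows names, and the sample file names are all assumptions constructed for illustration.

```python
import os

# Assumption: a small sample of extensions Windows runs or interprets as code.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".hta"}
# Assumption: extensions a user would read as a harmless document.
DOCUMENT_EXTS = {".html", ".htm", ".txt", ".jpg", ".gif", ".pdf", ".doc"}


def displayed_name(filename, hide_known_extensions=True):
    """Approximate the name shown when known extensions are hidden (simplified model)."""
    stem, ext = os.path.splitext(filename)
    if hide_known_extensions and ext.lower() in EXECUTABLE_EXTS | DOCUMENT_EXTS:
        return stem
    return filename


def is_deceptive(filename):
    """True when the real type is executable but the hidden-extension view looks like a document."""
    stem, real_ext = os.path.splitext(filename.strip())
    if real_ext.lower() not in EXECUTABLE_EXTS:
        return False
    # Padding whitespace can push the real extension out of view; strip it first.
    _, shown_ext = os.path.splitext(stem.rstrip())
    return shown_ext.lower() in DOCUMENT_EXTS


def audit(filenames):
    """Return (real name, name shown with extensions hidden) for each deceptive file."""
    return [(n, displayed_name(n)) for n in filenames if is_deceptive(n)]


# Constructed sample of a downloads folder listing (not taken from the article).
SAMPLE = [
    "invoice.html",
    "invoice.html.exe",
    "holiday.jpg" + " " * 6 + ".scr",
    "setup.exe",
    "notes.txt",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for real, shown in audit(SAMPLE):
        print(f"shown as {shown!r} but is really {real!r}")
```

With extensions visible, both flagged files show their real `.exe` and `.scr` endings, which is the protection step 2 gives you.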

Stay safe out there.

~ Chad