HardwareHeaven.com

#1  craig5320 (HH Administrator), Sep 12, 2002, 12:05 AM

Win-XP Help Center request can wipe your HD

Win-XP Help Center request wipes your HD

A malicious Win-XP Help Center request can easily and silently delete the contents of any directory on your Windows machine, we've learned. Worse, MS has rolled the fix silently into SP1 without making a public announcement.

Such a command can be in the form of a clickable link in Messenger, so anyone who hasn't already installed Service Pack 1 should do so ASAP.

Source: http://www.theregister.co.uk

Full Article: http://www.theregister.co.uk/content/4/27074.html

Second Report: The Inquirer Article (http://www.theinquirer.net/?article=5354)

#2  //.\\//.\\ (A.K.A sCoTcH), Sep 12, 2002, 12:25 AM

What does this mean, I'm kinda scared right now, should I?

#3  craig5320 (HH Administrator, Thread Starter), Sep 12, 2002, 12:28 AM

Well, if you use XP and MSN and haven't installed the SP I recommend it anyway. The clickable links would be like hcp://etc.. so jus' watch out for them. I doubt there's much to worry about, jus' keep an eye out.

#4  //.\\//.\\ (A.K.A sCoTcH), Sep 12, 2002, 12:30 AM

OK, after reading the article I see, hehe, I excuse my anticipated paranoia.

#5  brc64 (Zeeky H. Bomb), Sep 12, 2002, 04:08 AM

1. I don't use MSN Messenger
2. I don't click links I am unsure of (such as an hcp://)
3. Nobody I know would send me something like that, and I don't click links in messages from total strangers

People need to exercise more caution when they use the internet. I'm still amazed by the amount of people who get infected with email viruses because they ran an EXE file attachment they got from a total stranger.

Thanks for the FYI, though. It just bothers me that things like this are a problem in the first place.

- Me

#6  UBgegq23 (DriverHeaven Newbie), Sep 12, 2002, 03:55 PM

Quote:
Originally posted by brc64
1. I don't use MSN Messenger
2. I don't click links I am unsure of (such as an hcp://)
3. Nobody I know would send me something like that, and I don't click links in messages from total strangers

1.) You don't need to use MSN Messenger to be affected.
2.) You don't need to click any links for this to work. The link could be embedded in a 0x0 IFRAME, referenced by the IMG tag, or have a META REFRESH redirect to the URL.
3.) Maybe you don't click links from strangers posted on a message board, but it wouldn't be hard to get people to do. For example, I could say "Hey everyone, click here for a way to block this vulnerability in case you haven't updated to SP1 yet" (or something similar, you get the idea). If I were able to get people to click the link, I could delete their files.

Quote:
People need to exercise more caution when they use the internet. I'm still amazed by the amount of people who get infected with email viruses because they ran an EXE file attachment they got from a total stranger.

But that's not what this is. This is something which doesn't require user intervention...no attachments have to be clicked. All that would have to happen is a user OPENING an e-mail, and this could be exploited (pre-IE6SP1).

Quote:
Thanks for the FYI, though. It just bothers me that things like this are a problem in the first place.

The problem is that MS included this "functionality", released a fix for it silently in SP1, haven't publicly acknowledged the bug, that this bug has been known for eleven weeks, and that it requires no real user intervention to exploit. That's why this is a problem in the first place--it's not because of the users.
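
Added example, not part of the original thread or written by any poster: a content filter for a mail gateway or proxy that flags hcp: references in HTML and separates the auto-loading vectors named in post #6 (IFRAME, IMG, META REFRESH) from ordinary clickable links. The function names, the sample HTML and the `hcp://placeholder/` URL are constructed for illustration.

```python
from html.parser import HTMLParser

# Attributes a browser or HTML mail client fetches without any click.
AUTO_LOAD = {("iframe", "src"), ("frame", "src"), ("img", "src")}
SCHEME = "hcp:"  # Help Center protocol scheme named in the thread


class HcpFinder(HTMLParser):
    """Collect (tag, trigger, url) for every hcp: reference in a document."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        for t, attr in AUTO_LOAD:
            if tag == t and a.get(attr, "").lower().startswith(SCHEME):
                self.hits.append((tag, "auto", a[attr]))
        if tag == "a" and a.get("href", "").lower().startswith(SCHEME):
            self.hits.append((tag, "click", a["href"]))
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content has the form "0; url=<target>"
            _, _, target = a.get("content", "").partition("=")
            target = target.strip(" '\"")
            if target.lower().startswith(SCHEME):
                self.hits.append((tag, "auto", target))


def find_hcp_refs(html):
    """Return every hcp: reference found, in document order."""
    finder = HcpFinder()
    finder.feed(html)
    finder.close()
    return finder.hits


def needs_no_click(html):
    """True if at least one hcp: reference would load with no user action."""
    return any(trigger == "auto" for _, trigger, _ in find_hcp_refs(html))


# Constructed sample; the hcp: target is a placeholder, not a working URL.
SAMPLE = """<html><head>
<meta http-equiv="refresh" content="0; URL=hcp://placeholder/"></head><body>
<iframe width="0" height="0" src="HCP://placeholder/"></iframe>
<img src="hcp://placeholder/">
<a href="hcp://placeholder/">click here</a>
<a href="http://www.theregister.co.uk/content/4/27074.html">article</a>
</body></html>"""
```

Matching is case-insensitive on the scheme, and the ordinary http link in the sample is not reported.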

#7  skastel (Massive Happiness), Sep 12, 2002, 04:24 PM

I really hope people don't start trying to exploit this hole on a regular basis. Workin here at Harvard gives me more than enough chances to deal with arrogant, ignorant users who are never at fault. If this got big and started hitting comps in our domain, ugh, it would be a nightmare. I can see it now.
Me: "What happened?"
Professor Know it all: "It just stopped working! Now it says it can't find an operating system!"
Me: "Did you erase the HDD?"
Prof.: "No! You must have done something to it!"
Me: "..............we'll get it back to you in a few weeks"
Ugh, probably won't happen, especially now that all our new machines are getting my slipstreamed XP w/SP1.