Help yourself to an exploit.
September 11, 2002 2:39 PM

Help yourself to an exploit. No biting social commentary here, just spreading the word on an ooky Win XP exploit in the form of a malicious Help Center request. The patch has been silently rolled into SP1, and is otherwise unavailable. Of course, if you want to install SP1, you'll have to agree to that nasty Trojan EULA.
posted by badstone (17 comments total)

 
Wow. That's really terrible. If I were more of a conspiracy theorist, I'd claim it was intentional in order to make people feel that upgrading to SP1 (and thereby enabling the EULA) was mandatory.
posted by blueshammer at 2:46 PM on September 11, 2002


no reason to be a conspiracy theorist where it comes to microsoft. microsoft IS one big conspiracy.
posted by quonsar at 2:49 PM on September 11, 2002


I love the last suggestion on ways to fix on this page, which uses the exploit to delete the offending file.

This is a nasty flaw, for sure.
posted by malphigian at 2:59 PM on September 11, 2002


Argh. Not only do we have to agree to give our firstborn to the Gates family with SP1, I'm currently tracking an estimated 200 minute download time for a 50 MB file, over a T3!

Bill needs bandwidth!
posted by WolfDaddy at 3:16 PM on September 11, 2002


malphigian: just thought I'd point out the top line of the page you linked...

Wow, Microsoft should hire some compitent staff..

Now I don't know who to trust!!
posted by Dark Messiah at 3:21 PM on September 11, 2002


I was really surprised when it was mentioned on Tech TV's The Screen Savers Monday (same day SP1 was officially released via Windows Update). This is a very nasty bug indeed.

Here's a BugTraq post that goes into more detail about the exploit.

Like the article says, if you don't want to install SP1, at least rename or delete the file c:\windows\PCHEALTH\HELPCTR\System\DFS\uplddrvinfo.htm
posted by rogue at 3:39 PM on September 11, 2002


A few days ago I read Microsoft intended to release free SP1 CDs, however, I cannot find such information on Microsoft's site. Is there information to confirm this is Microsoft's plan?
posted by quam at 3:45 PM on September 11, 2002


quam: I read the same thing in my local paper. Maybe SP1 isn't ready yet. I don't spend much time keeping up on OS news. Mine's working fine right now -- why jinx it.
posted by Dark Messiah at 3:48 PM on September 11, 2002


I deal with Microsoft the same way my parents dealt with new car models. You never want to buy an "all new for year x" car the same way that you have to give Microsoft a couple of years to work out some of the major bugs in their crappy software.

Upgrade to XP? What do you think I am, a complete idiot?

Not to mention the fact that Microsoft "updates" seem to break Windows quite often, at least in my personal experience.
posted by mark13 at 4:08 PM on September 11, 2002


How can they legally attach different terms to the purchase for a fix? It's like buying a broken toaster and being told you need to give your social security number for the replacement part. Software needs to be seen as a product and has to come with some warranty that isn't an excuse to further deepen MS's products.

mark13: That's good advice, but good luck finding an OEM dealer willing to sell you W2K. MS is pushing XP hard and for reasons which probably don't make sense they're quickly phasing out W2K, arguably their best OS. The one XP laptop I've had to deal with has been nothing but trouble and that's using MS software on an MS network! Seriously, avoid XP if you can. I expect W2K to be pirated more than ever now when you can't order a W2K computer anymore. I think it's fairly obvious XP was rolled out way too soon purely for profit and MS figured it could control the damage by quickly releasing hotfixes. Thanks, but no thanks.
posted by skallas at 5:03 PM on September 11, 2002


I've found XP to be nothing but pure bliss in every way, compared to past Windows OSes. My only complaint is lack of drivers for my scanner, but that's Epson's fault, not Microsoft's. I haven't installed SP1 yet, but unless something has changed, the auto-update feature is easily disabled.
posted by daveadams at 7:08 PM on September 11, 2002


On the page linked from The Register, one of the "Easy Fixes" that he gives is to use a browser other than IE.
He's wrong about this. I tried it in Mozilla and it still deleted files, so don't think that you're safe just because you're not using IE.
The self-destructing link worked great though!
posted by Pharkas at 8:54 PM on September 11, 2002


Then the answer isn't "get a real browser".

It's "get a real operating system".
posted by baylink at 9:29 PM on September 11, 2002


Personally, I am going to ride my Win2k box like an old Mac addict until the hardware itself dies.

The machine (typically) works just fine. XP has no real compelling features for me. I boot, I browse, type, and game.

I am giving up the ghost for the next upgrade. OS X sounds tastier every day.
posted by Tystnaden at 10:09 PM on September 11, 2002


Correct, Pharkas... since the hcp:// protocol is registered in Windows and assigned to the help center, any application that's smart enough to forward requests it doesn't natively handle will launch it.
posted by rogue at 10:46 PM on September 11, 2002
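
The registration rogue describes can be read straight from the registry. The following is an added example, not part of the thread: a PowerShell inventory of registered URL protocol handlers, plus a check for the hcp handler and the file named earlier in the thread. It assumes PowerShell 3.0 or later (which did not ship with the Windows XP systems discussed here) and that Windows is installed under `$env:windir`; the function names are hypothetical.

```powershell
# Added example: defensive inventory of URL protocol handlers.
# A scheme is handed off to an external program when its key under
# HKEY_CLASSES_ROOT carries a value named "URL Protocol"; the program
# that gets launched is the default value of shell\open\command.
function Get-UrlProtocolHandler {
    param([string]$Scheme = '*')

    Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT' -ErrorAction SilentlyContinue |
        Where-Object {
            $_.PSChildName -like $Scheme -and
            $_.GetValueNames() -contains 'URL Protocol'
        } |
        ForEach-Object {
            $cmdKey  = $_.OpenSubKey('shell\open\command')
            $command = if ($cmdKey) { $cmdKey.GetValue('') } else { $null }
            [pscustomobject]@{
                Scheme  = $_.PSChildName
                Command = $command
            }
        }
}

# Reports whether the hcp scheme is registered and whether the file the
# thread says to rename or delete is still present (hypothetical helper).
function Test-HelpCenterExposure {
    $hcp  = Get-UrlProtocolHandler -Scheme 'hcp' | Select-Object -First 1
    # Assumption: $env:windir corresponds to c:\windows in the thread's path.
    $file = Join-Path $env:windir 'PCHEALTH\HELPCTR\System\DFS\uplddrvinfo.htm'

    [pscustomobject]@{
        HcpRegistered = [bool]$hcp
        HcpCommand    = if ($hcp) { $hcp.Command } else { $null }
        FilePath      = $file
        FilePresent   = Test-Path -LiteralPath $file
    }
}

# Full inventory, then the hcp-specific check.
Get-UrlProtocolHandler | Sort-Object Scheme | Format-Table -AutoSize
Test-HelpCenterExposure | Format-List
```

Every scheme in the inventory is reachable from any application that forwards URLs it does not handle itself, which is why switching browsers did not help Pharkas.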


i'm with skallas, this seems completely outside legal means. it's like adding rules to a game after it's started... both illegal and immature.
posted by phylum sinter at 4:06 AM on September 12, 2002


I like XP for the most part. The only problem I have encountered is that WinMX transfers run at slower than modem speeds. I don't know if that is a problem with the new version 3.3 or if Microsoft has something in there to mess with P2P. All I know is that when WinMX is running, my bandwidth gets destroyed.
posted by McBain at 7:54 AM on September 12, 2002



This thread has been archived and is closed to new comments


