Help yourself to an exploit.
September 11, 2002 2:39 PM   Subscribe

Help yourself to an exploit. No biting social commentary here, just spreading the word on an ooky Win XP exploit in the form of a malicious Help Center request. The patch has been silently rolled into SP1, and is otherwise unavailable. Of course, if you want to install SP1, you'll have to agree to that nasty Trojan EULA.
posted by badstone (16 comments total)
Wow. That's really terrible. If I were more of a conspiracy theorist, I'd claim it was intentional in order to make people feel that ungrading to SP1 (and thereby enabling the EULA) was mandatory.
posted by blueshammer at 2:46 PM on September 11, 2002

no reason to be a conspiracy theorist where it comes to microsoft. microsoft IS one big conspiracy.
posted by quonsar at 2:49 PM on September 11, 2002

I love the last suggestion on ways to fix on this page, which uses the exploit to delete the offending file.

This is a nasty flaw, for sure.
posted by malphigian at 2:59 PM on September 11, 2002

Argh. Not only do we have to agree to give our firstborn to the Gates family with SP1, I'm currently tracking an estimated 200 minute download time for a 50 MB file, over a T3!

Bill needs bandwidth!
posted by WolfDaddy at 3:16 PM on September 11, 2002

malphigan: just thought I'd point out the top line of the page you linked...

Wow, Microsoft should hire some compitent staff..

Now I don't know who to trust!!
posted by Dark Messiah at 3:21 PM on September 11, 2002

I was really surprised when it was mentioned on Tech TV's The Screen Savers Monday (same day SP1 was officially released via Windows Update). This is a very nasty bug indeed.

Here's a BugTraq post that goes in to more detail about the Exploit.

Like the article says, if you don't want to install SP1, at least rename or delete the file c:\windows\PCHEALTH\HELPCTR\System\DFS\uplddrvinfo.htm
posted by rogue at 3:39 PM on September 11, 2002

A few days ago I read Microsoft intended to release free SP1 CDs, however, I cannot find such information on Microsoft's site. Is there information to confirm this is Microsoft's plan?
posted by quam at 3:45 PM on September 11, 2002

quam: I read the same thing in my local paper. Maybe SP1 isn't ready yet. I don't spend much time, keeping up on OS news. Mine's working fine right now -- why jinx it.
posted by Dark Messiah at 3:48 PM on September 11, 2002

I deal with Microsoft the same way my parents dealt with new car models. You never want to buy an "all new for year x" car the same way that you have to give Microsoft a couple of years to work out some of the major bugs in their crappy software.

Upgrade to XP? What do you think I am, a complete idiot?

Not to mention the fact that Microsoft "updates" seem to break Windows quite often, at least in my personal experience.
posted by mark13 at 4:08 PM on September 11, 2002

I've found XP to be nothing but pure bliss in every way, compared to past Windows OSes. My only complaint is lack of drivers for my scanner, but that's Epson's fault, not Microsoft's. I haven't installed SP1 yet, but unless something has changed, the auto-update feature is easily disabled.
posted by daveadams at 7:08 PM on September 11, 2002

On the page linked from The Register, one of the "Easy Fixes" that he gives is to use a browser other than IE.
He's wrong about this. I tried it in Mozilla and it still deleted files, so don't think that you're safe just because you're not using IE.
The self-destructing link worked great though!
posted by Pharkas at 8:54 PM on September 11, 2002

Then the answer isn't "get a real browser".

It's "get a real operating system".
posted by baylink at 9:29 PM on September 11, 2002

Personally, I am going to ride my Win2k box like an old Mac addict until the hardware itself dies.

The machine (typically) works just fine. XP has no real compelling features for me. I boot, I browse, type, and game.

I am giving up the ghost for the next upgrade. OS X sounds tastier every day.
posted by Tystnaden at 10:09 PM on September 11, 2002

Correct Pharkas... since the hcp:// protocol is registered in Windows and assigned to the help center, any application that's smart enough to forward requests it doesn't natively handle will launch it.
posted by rogue at 10:46 PM on September 11, 2002

i'm with skallas, this seems completely outside legal means. it's like adding rules to a game after it's started... both illegal and immature.
posted by phylum sinter at 4:06 AM on September 12, 2002

I like XP for the most part. The only problem I have encountered is that WinMX transfers run at slower than modem speeds. I don't know if that is a problem with the new version 3.3 or if Microsoft has something in there to mess with P2P. All I know is that when WinMX is running, my bandwidth gets destroyed.
posted by McBain at 7:54 AM on September 12, 2002

« Older   |   September eleventh Newer »

This thread has been archived and is closed to new comments