-----Original Message-----
From: UNIRAS (UK Govt CERT)
Sent: 12 September 2002 11:07
To: [EMAIL PROTECTED]
Subject: UNIRAS Brief - 311/02 - AusCERT - Serious Vulnerability Fixed in Microsoft Windows XP Service Pack 1



-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 311/02 dated 12.09.02  Time: 11:00
 UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ----------------------------------------------------------------------------------
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

AusCERT Security Advisory:

Serious Vulnerability Fixed in Microsoft Windows XP Service Pack 1

Detail
======

*** BEGIN PGP VERIFIED MESSAGE ***

AusCERT Update AU-2002.007 - Serious Vulnerability Fixed in Microsoft
Windows XP Service Pack 1
12 September 2002

AusCERT has been made aware of a serious vulnerability in Windows XP's
Help and Support Center that can allow deletion of arbitrary files from
a Windows XP system.

The vulnerability can be exploited simply by using the hcp (Help Center
Protocol) pluggable protocol in a web link to the Uplddrvinfo.htm file,
stored locally on Windows XP machines. The exact exploit will not be
included in this update; however, it is simple and requires only that a
user follow such a link from any HTML page, whether in a local file, in
an email message or on the web.

Windows XP Service Pack 1 contains the fix for this vulnerability,
and AusCERT strongly recommends that any members using Windows XP assess
their situation and install the service pack if feasible. Advanced
Windows XP users who do not wish to install the service pack may
deregister the hcp pluggable protocol; however, this will also disable
parts of the Help and Support Center.

To deregister the hcp pluggable protocol, use the Registry Editor
(regedit.exe) and browse to the key:

HKEY_CLASSES_ROOT\hcp\shell\open\command

Create a new string data item called DefaultBackup, and give it a value
equal to that of the (Default) data item. Then set the (Default) data
item's value to the empty string.

WARNING: If you use Registry Editor incorrectly, you may cause serious
problems that may require you to reinstall your operating system.
AusCERT cannot guarantee that you can solve problems that result from
using Registry Editor incorrectly. Use Registry Editor at your own risk.
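
The same registry change as a script, given here as an added example that is not part of the AusCERT or UNIRAS text. It assumes PowerShell is installed on the machine and is run with administrator rights; the function names and the restore step are this example's own.

```powershell
# Added example (not from the advisory): apply or undo the hcp deregistration.
# Assumes PowerShell is available and the session is running as an administrator.
$HcpCommandKey = 'hcp\shell\open\command'   # under HKEY_CLASSES_ROOT, as in the advisory
$BackupName    = 'DefaultBackup'            # value name given in the advisory

function Open-HcpCommandKey {
    $key = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey($HcpCommandKey, $true)
    if ($null -eq $key) { throw "HKEY_CLASSES_ROOT\$HcpCommandKey not found; nothing to change." }
    return $key
}

function Disable-HcpProtocol {
    $key = Open-HcpCommandKey
    try {
        # Read the raw data so an expandable string is saved unexpanded.
        $current = $key.GetValue('', '', 'DoNotExpandEnvironmentNames')
        $backup  = $key.GetValue($BackupName, $null)
        if ([string]::IsNullOrEmpty($current)) {
            "hcp handler is already empty (backup present: $($null -ne $backup))"
            return
        }
        # Keep an existing backup: a second run must not replace the saved
        # handler with whatever (Default) holds now.
        if ($null -eq $backup) {
            $key.SetValue($BackupName, $current, $key.GetValueKind(''))
        }
        $key.SetValue('', '', 'String')     # (Default) becomes the empty string
        "hcp handler cleared; original command kept in $BackupName"
    } finally { $key.Close() }
}

function Restore-HcpProtocol {
    # Undo step (an assumption of this example): copy DefaultBackup back into
    # (Default) with its original value type, then remove the backup.
    $key = Open-HcpCommandKey
    try {
        $backup = $key.GetValue($BackupName, $null, 'DoNotExpandEnvironmentNames')
        if ($null -eq $backup) { throw "No $BackupName value; nothing to restore." }
        $key.SetValue('', $backup, $key.GetValueKind($BackupName))
        $key.DeleteValue($BackupName)
        "hcp handler restored from $BackupName"
    } finally { $key.Close() }
}

Disable-HcpProtocol    # run Restore-HcpProtocol after installing Service Pack 1
```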

Further information on this vulnerability can be found at

Knowledge Base Article Q328940
   http://support.microsoft.com/default.aspx?scid=kb;en-us;Q328940

and information on getting Windows XP Service Pack 1 can be found at:

Knowledge Base Article Q322389
   http://support.microsoft.com/default.aspx?scid=kb;en-us;Q322389
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: [EMAIL PROTECTED]
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================


*** END PGP VERIFIED MESSAGE ***

- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by
telephone. Not Protectively Marked information may be sent via e-mail to:

[EMAIL PROTECTED]
Tel: 020 7821 1330 Ext 4511
Fax: 020 7821 1686

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of AusCERT for the information
contained in this Briefing.
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some
of the information may have changed since it was released. If the vulnerability
affects you, it may be prudent to retrieve the advisory from the canonical site
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade
name, trademark, manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views
and opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall
not be liable for any loss or damage whatsoever, arising from or in connection
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST)
and has contacts with other international Incident Response Teams (IRTs) in
order to foster cooperation and coordination in incident prevention, to prompt
rapid reaction to incidents, and to promote information sharing amongst its
members and the community at large.
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

-----END PGP SIGNATURE-----




IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk