A hole has been discovered in Windows XP Professional and Home Edition that could compromise a network and be used to get into protected areas.
Reported by bug-finder 'http-equiv' of Malware.com -- who has found several critical holes in Microsoft software previously -- the vulnerability has been described as “moderately critical,” which means you can still get a cup of tea before you fix it but don’t have a long lunch.
There is a proof of concept available and the official explanation is this: “It is possible to construct a malicious folder containing both script code and an executable file. This can be exploited to make Windows Explorer execute code automatically on a user's system if the user is tricked into opening the folder.”
Microsoft is not due to post patches for a couple of weeks, so it will be a possible route in for a while. The trick is not to open unusual folders. But then that is always the case and everyone still does it.
