Wednesday, November 17, 2004

Ten major holes found in SP2, claims security company
A security company is claiming to have discovered a set of 10 major security flaws in Microsoft Corp.’s Windows XP Service Pack 2, bypassing many of the security measures the update puts into place.
According to Finjan Software Inc., an attacker could exploit the flaws to execute malicious code on a user’s system by luring the user to a specially crafted Web page. Finjan has made the exploit’s full technical details available to Microsoft but refused to make them public until the software giant has developed patches for them.
However, Microsoft has said its initial analysis of the flaws showed that they may not be as serious as the security firm purports. “Our early analysis indicates that Finjan’s claims are potentially misleading and possibly erroneous regarding the breadth and severity of the alleged vulnerabilities in Windows XP SP2,” a Microsoft spokesperson told Techworld. “Microsoft encourages Finjan to abide by the principles of responsible disclosure and to decline to provide further comment or details on the alleged vulnerabilities until Microsoft is able to complete its investigation.”