Archived from groups: alt.sys.pc-clone.dell
This article is interesting:
IE Flaw Affects Windows XP SP2 Systems
August 26, 2004
By Gregg Keizer, TechWeb News
Microsoft on Thursday flatly denied reports that one of Windows XP Service
Pack 2's most touted features leaves users open to possible attacks. In
effect, hackers have better things to do, Microsoft said.
According to one outside analysis, SP2's Windows Security Center, the
dashboard-like console that monitors and reports on the status of various
security defenses -- from firewalls to anti-virus software -- can be spoofed
by hackers into displaying false information, such as an enabled firewall or
even a totally bogus anti-virus package supposedly protecting the PC.
Security status could be faked, said the researchers, by a number of
possible exploit avenues, including the drag-and-drop vulnerability in
Internet Explorer that was made public last week. The possible goal by
hackers: disable defenses but at the same time remain under the radar.
Many in-the-wild worms intentionally disable long lists of firewalls and
anti-virus products. Recent variations of the Bagle worm, for instance,
target almost 300 different pieces of protective software for termination.
By combining that trait with this spoof, worms could infect a PC and yet
remain undetected by the user.
Microsoft denied that Windows Security Center has a vulnerability. "In order
for an attacker to spoof the Windows Security Center, he or she would have
to have local administrator rights on the computer," Microsoft said in an
e-mailed statement.
True, but that may not be much of a defense, since home users in particular
often run Windows in Administrator Mode. Enterprises, wary of the total
control that mode gives end users, typically set up PCs to run in Limited
Mode.
The Redmond, Wash.-based developer also claimed that even if a system was
compromised -- perhaps by other malicious code that gave attackers
administrator rights -- any exploit of the console was the least of users'
worries.
"Criminal actions the attacker could pursue include many that are far more
interesting than spoofing the Windows Security Center," Microsoft said.
This defense -- that the bigger security holes in Windows are the real
honeypots for hackers, and thus smaller flaws can be safely ignored -- is a
new one from Microsoft.