BetaONE will rise again! - ALL XP USERS READ NOW, IMPORTANT!!!

BetaONE will rise again! (http:\\b1.hcanet.com\forum/index.php)

- Windows NT/2000/XP (+ Service Packs) (http:\\b1.hcanet.com\forum/forumdisplay.php?f=98)

- - ALL XP USERS READ NOW, IMPORTANT!!! (http:\\b1.hcanet.com\forum/showthread.php?t=2472)

Found this on another forum, This might be of interest to someone...

Biggest Security Hole Ever ....read This

it is very simple to execute this. Someone could easily delete your windows folder just by you visiting a webpage.

If you can't install SP1 do the following

1. Perform a search for a file on your C drive called "uplddrvinfo.htm."

2. Once you've found the file, delete it or rename it. Doing so will not hinder your ability to use Windows XP.

Attention Windows XP Users

A little-known but critical vulnerability exists in Windows XP.

It has recently been repaired in Service Pack 1.

This vulnerability allows the files contained in any specified directory on your system to be deleted if you click on a specially formed URL. This URL could appear anywhere: sent in malicious eMail, in a chat room, in a newsgroup posting, on a malicious web page, or even executed when your computer merely visits a malicious web page. It is likely to be widely exploited soon.

This vulnerability is so dangerous that it would be irresponsible for me to say more. Microsoft has known of this problem for months and has, inexplicably, done nothing before now. Although XP's Service Pack 1 is not small (approx 30 MB for express installation or 140 MB for the network install), and even though a much quicker and easier solution to this problem exists, the only thing I can safely recommend (without revealing too much) is to urge all XP users to somehow obtain and install Service Pack 1 immediately. (If you have a slow Internet connection, perhaps a friend can download the executable Service Pack file and burn it onto a CD for you?)

This problem does not affect any systems other than Windows XP. If you have any friends or co-workers running Windows XP, please urge them to update their systems' too.

the file is in this location.

*:\windows\pchealth\helpctr\system\dfs\
Replace * with the correct drive letter

Info from national tv airing at.

_http://www.techtv.com/screensavers/shownotes/story/0,24330,3398516,00.html

"Please! No live links!"
}---:)

Last edited by tubebuoy at Today at 5:23 pm

Hum........

I have the latest SP1 installed and I have this file :o

Why this file is on my computer if I have apply the SP1 ?

Is this a trick from M$ ?

Thanks for your comments

Thanks for the info

to be safe BAD1 .. just rename the file regardless?

Correct I just watched the program and yes sp1 does fix it here is the video link to the tech tv show

_http://cgi.techtv.com/mediamodule?action=view&version=20020910095425&vid eo_src=/thescreensavers/2002/ss020909c&width=320&height=240&vidsection=3200042& add_date=1031641200&start=&end=&duration=&bitrates =']http://cgi.techtv.com/mediamodule?action=v...&bitrates='[/url]

Please! No Live links!

}---:)

Last edited by tubebuoy at Today at 5:25 pm

Thanks for the heads up , :blink:
I have this file also . :angry:

Its gone now. :D

Stumuzz

Bl**dy M$.....

More Holes & leaks than ever....

Why do they keep doing this to US!!!!!!

THANKS FOR THE HEADS UP ON THIS ONE......

Ways to fix this issue:

Delete/rename the "uplddrvinfo.htm" file (located in C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS).

Or, open it , find, and delete the following section of code:

var oFSO = new ActiveXObject ( "Scripting.FileSystemObject" );
try
{
oFSO.DeleteFile( sFile );
}

Or unregister the hcp protocol handler.

Deleting the section of code breaks the exploit (I have verified it myself) and it is highly recommended that anyone here using XP take steps to fix this.

Last edited by sony at Today at 3:13 pm

hmm I want exact instructions on how to exploit this hack.

If SP1 fixes it why is it still there??

Quote:

Originally posted by pcservicetech@Today at 3:17 pm
hmm I want exact instructions on how to exploit this hack.

if you want i can give you a test :)

i want the exploit, just to experiment. anyone?

Thanks for the heads up, its now gone :)

Hi

With regard to this file called:

uplddrvinfo.htm

As kamikazee has already asked: If SP1 fixes it, in what way does it fix it and why is it still there?

Regards

Many thanks for the info

Quote:

Originally posted by pcservicetech@Today at 4:36 pm
ok sony hit me

check your pm

still holes... :o

thanx sony

Holy ^%*%&^%. Thanks for the warning.

Cheerz
Dave

Ok,

I don't understand why this file is on my PC :o

But the file is gone now ;)

How many hole like this one do we have ?

Look at this page as well.

EDIT: On request of a concerned member, I removed the link that shows you exactly how the process works. If you need/want the link PM me.

Cheerz
Dave

Last edited by DL at Today at 11:55 pm

This will explain how the exploit works and how to fix it, better read than zdnet.. found it on the register
_http://www.theregister.co.uk/content/4/27074.html

thanks for the info! verrry useful!

- [ s M k ] -

ill have deleted it !!

thx

Test for teh slow, weak, or lazy... ;)

_http://grc.com/files/XPdite.exe

edit:: jiz says a big ur welcom 2 ecperez

Last edited by lickablepig at Today at 1:47 pm

thanks for the utility.

this file was in my windows folder as well. was scared reading this forum and straightaway deleted it! by the way i have installed an AntiVirus software (NAV2003). wont this fix it :o

Thanks for this utility ;)