Researcher Finds Flaws in XP SP2 Advisory Issued for Pair of Security Flaws Ryan Naraine
German research firm Heise Security has issued an advisory for a pair of security flaws in Microsoft's recently shipped Windows XP Service Pack 2 with a warning that attackers could launch malicious files from an untrusted zone.
According to the alert posted online, Heise said two vulnerabilities in the implementation of a new "security warning" feature in SP2 opens the door for the spread of harmful viruses.
The flaws occur because the Windows command shell ignores zone information and starts executables without warnings. Heise Security said the second bug relates to the inability of the Windows Explorer feature to update zone information properly when files are overwritten.
"[Windows Explorer] can be tricked to execute files from the Internet without warning," the firm said.
According to the advisory, Microsoft investigated the warnings and found that they were not in conflict with the design goals of the new protections built into XP.
"We are always seeking improvements to our security protections, and this discussion will certainly provide additional input into future security features and improvements, but at this time we do not see these as issues that we would develop patches or workarounds to address," Microsoft explained.
However, Heise said there was evidence that XP SP2 will launch malicious files without warning the user.
"Exploitation of this issue requires some user interaction — at least as long as nobody comes up with a way to execute cmd.exe with parameters from within Outlook Express or Internet Explorer," the company said, noting that virus writers could create e-mail worms to launch files without getting a warning from SP2.
