Researchers find holes in XP SP2

IDG News Service - Security researchers inspecting a new update to Microsoft Corp.'s Windows XP found two software flaws that could allow virus writers and malicious hackers to sidestep new security features in the operating system.
German Internet security portal Heise Security published a security bulletin, dated Aug. 13, that describes two holes in Windows XP Service Pack 2 (SP2) and warns users about running programs from untrusted Internet sites. The flaws could allow virus writers to circumvent the security feature and write worms that spread on XP SP2 systems, according to the bulletin. However, the researcher who discovered the holes said he doesn't consider the flaws to be serious and still recommends installing SP2.
Microsoft released XP SP2 to its customers shortly after completing work on the massive software update, on Aug. 6. SP2 contains a number of new security features, including an improved version of Windows Internet Connection Firewall, now named Windows Firewall, a new, user-friendly interface for managing security settings and improved features for detecting and blocking malicious content downloaded from Web sites.
Heise Security Editor and Chief Jurgen Schmidt and his colleagues discovered the holes in an XP SP2 feature that marks files downloaded using the Internet Explorer Web browser or saved from e-mail messages using the Outlook Express e-mail client with a Zone Identifier, or ZoneID, according to Schmidt.
The ZoneID records the Internet Explorer security zone from which the file originated. Internet Explorer security zones assign different levels of security permission to different sources of files and data. For example, Web sites and files downloaded from the Internet are considered less secure than those obtained from a LAN the computer is connected to or from the local computer hard drive.
XP SP2 saves ZoneIDs in a text file on the local computer. The file is linked to the downloaded file and used to issue pop-up warnings when Windows users attempt to open files from a dangerous source. However, certain Windows features allow users to open files without receiving a warning, Heise Security found.

For example, users can open files using text commands issued through the Windows command prompt, a standard Windows feature, without being warned about the risk associated with opening the file.
A second bug exploits what Schmidt called a "programming error" in XP SP2 that fails to update the ZoneID information cached for immediate use when files are renamed. That could allow malicious hackers or viruses to get around the user warnings, at least temporarily, by renaming a malicious file that would otherwise generate a warning,

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.