You are here: silicon.com > Software > Operating Systems

Operating Systems

Russians crack XP SP2 flaw

Microsoft given a month's warning before paper published...

Tags: data execution protection, service pack two, sp2

By Robert Lemos

Published: 31 January 2005 10:10 GMT

A Russian security company claims it found a way to beat a security measure in Microsoft's Windows XP Service Pack 2.

The SP2 measure, known as Data Execution Protection, is intended to prevent would-be attackers from inserting rogue code into a PC's memory and tricking Windows into running the program. However, in a paper published on Friday, Moscow-based Positive Technologies said two minor mistakes in the implementation of the technology allow a knowledgeable programmer to sidestep the protection.

The company notified Microsoft of the problem on 22 December, but it apparently decided not to wait for the software giant to patch the flaws.

Neither Microsoft nor Positive Technologies immediately responded to requests for comment on Friday.

After several delays, Microsoft began rolling out SP2 in August of last year, at which time company chairman Bill Gates called the update "a significant step in delivering on our goal to help customers make their PCs better isolated and more resilient in the face of increasingly sophisticated attacks".

Robert Lemos writes for CNET News.com.

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

for IT White Papers Newsletter

Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead

Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy


  • Jobs
Games Engine Programmer - Surrey

The key objectives within this role are to: o Help further develop, maintain core engine systems o Liaise across different disciplines to identify ...

QA Tester

The company provides software and related services that enables e-businesses from clicks and mortar to pure dot-coms to measure their website ...

Director, Service Support

Highly knowledgeable on latest service management methods (ITIL) and technical trends (ITILv3 certified or equivalent knowledge and expertise). Leads ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.





Quick Sitemap Links: