You are here: silicon.com > Software > Operating Systems

Operating Systems

Russians crack XP SP2 flaw

Microsoft given a month's warning before paper published...

Tags: data execution protection, service pack two, sp2

By Robert Lemos

Published: 31 January 2005 10:10 GMT

A Russian security company claims it found a way to beat a security measure in Microsoft's Windows XP Service Pack 2.

The SP2 measure, known as Data Execution Protection, is intended to prevent would-be attackers from inserting rogue code into a PC's memory and tricking Windows into running the program. However, in a paper published on Friday, Moscow-based Positive Technologies said two minor mistakes in the implementation of the technology allow a knowledgeable programmer to sidestep the protection.

The company notified Microsoft of the problem on 22 December, but it apparently decided not to wait for the software giant to patch the flaws.

Neither Microsoft nor Positive Technologies immediately responded to requests for comment on Friday.

After several delays, Microsoft began rolling out SP2 in August of last year, at which time company chairman Bill Gates called the update "a significant step in delivering on our goal to help customers make their PCs better isolated and more resilient in the face of increasingly sophisticated attacks".

Robert Lemos writes for CNET News.com.

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

for IT White Papers Newsletter


Senior Information Manager

For a recruitment pack visit our website by clicking apply below. You must have a good working knowledge of Data Protection and Freedom of ...

IT Security analyst - Security qualified - Wintel - hands on - BANKING

Encryption Monitoring, Alerting and Auditing (SIEM) Directory Services Intrusion Prevention/Detection Systems Security Protocols ...

Systems Programmer, Windows - St Andrews

Essential Requirements Include: - Familiarity with PC hardware, including an understanding of PC architecture and the ability to fault find common ...

CIO Agenda 2008
The exclusive silicon.com CIO Agenda 2008 survey looks at the CIO's tech shopping list for the year, examines whether IT budgets are rising or falling and reveals what the pain points are for tech chiefs this year. Find out more in our latest special report.





Quick Sitemap Links: