10 more security flaws found in Windows XP
10 more security flaws found in Windows XP
10 significant security holes have been found in Microsoft's Windows XP Service Pack 2, which escaped detection from recent security measures, according to a security firm.
Finjan Software, said that an attacker could take advantage of the holes to launch code that can force a user to a web page.
Although Finjan has told Microsoft all the details about the vulnerability, it has not released this information to the public yet, and will not do so until Microsoft has made some patches for it.
Shlomo Touboul, the CEO and founder of Finjan Software, said: "The recently released Service Pack 2 of Microsoft Windows XP operating system offers certain features of security. However, it suffers because it is still basically the same operating system and has some major flaws which compromise end-user security.
"All Windows versions have been developed with requirements for highest backward compatibility and open architecture, with maximum productivity and ease of use. In addition, Windows applications typically run with administrative permissions with full and unlimited access to computer resources."
Touboul added that this, together with the emerging technology of mobile code has created a situation in which active content travels freely over the web and gains full control of host computers.
"These fundamentals create a green field for hackers shown by constantly increasing attacks and damage over the last few days. A security patch of Windows operating system without changing the rules of the game will not be enough to fight the recent complex malicious code attacks such as Scob, Mydoom, and others.
"End users and enterprises must add an independent security layer that is not dependent on the above fundamentals. Applications level behaviour blocking is the leading technology designed to immunise systems from both known and unknown vulnerabilities and exploits; viruses, worms, Trojans, spyware, phishing and other threats."
In reaction, Microsoft has said the flaws are not as serious as reported. Microsoft said that Finjan's claims are misleading and possibly wrong too. The software giant asked Finjan to follow the principles of responsible disclosure and to no longer provide more comment on details about the vulnerabilities until Microsoft has carried out an investigation.
Related Article: