Security experts are now saying ten serious security flaws in Windows XP programs patched with Service Pack 2 could leave their users prone to silent, remote hacker takeovers, and all the user would have to do is browse a Web page.
Finjan, a security firm, said hackers exploiting these flaws could also move between Internet Explorer security zones to get the rights of local zone Internet Explorer users, making it possible to raise the so-called privilege level of mobile code downloaded from the Net and letting remote code read, write, and execute files on the user’s hard drive.
The company also said hackers could get around XP SP2’s notification programming on downloading and executing .exe files, thus downloading files with no warning.
Finjan’s Malicious Code Research Center is believed to have spotted the new flaws and has reportedly advised Microsoft of the full details, helping Microsoft patch the flaws swiftly enough, according to published reports. But Finjan is being careful not to disclose too many details just yet.
"In order to prevent the creation of malicious viruses and worms, Finjan will not release any technical details about these vulnerabilities until they are fully patched by Microsoft," the company said in a statement.
"The recently released XP SP2 operating system offers certain security features," Finjan founder Shlomo Touboul said in his own statement. "However, it suffers because it is still basically the same operating system and has some major flaws which compromise end-user security."