Christmas Present From China

A Chinese group claims it has found four vulnerabilities in Microsoft’s Windows operating system and has posted details about the same to a public mailing list.

The details were posted yesterday by the Xfocus group.

The group has released proof of concept code and says that one of these flaws, in the Windows help file parsing program, can be exploited on systems which are patched with the second service pack for Windows XP.

The other three can be exploited on systems running NT, 2000 or XP with service pack 1; those with SP2 are not vulnerable.

Read more…

One of the security holes, as you can see, is reserved for those who thought that SP-2 was going to ‘fix everything’ in XP. It joins a list of flaws that are specific to patched systems.