Security researchers inspecting a new update to Microsoft Corp.’s Windows XP found two software flaws that could allow virus writers and malicious hackers to sidestep new security features in the operating system.
German Internet security portal Heise Security published a security bulletin, dated Aug. 13, describing two holes in Windows XP Service Pack 2 (SP2) and warning users about running programs from untrusted Internet sites. The flaws could allow virus writers to circumvent a new security feature and write worms that spread on XP SP2 systems, according to the bulletin. However, the researcher who discovered the holes said he does not consider the flaws to be serious and he still recommends installing SP2.
Microsoft is investigating the reports of a method to bypass what it calls the Attachment Execution Services in Windows XP SP2, but was not aware of any way for an attacker to use the flaws reported by Heise Security to gain access to a Windows machine, a spokesperson said.
Microsoft released XP SP2 to its customers shortly after completing work on the massive software update on Aug. 6. SP2 contains a number of new security features, including an improved version of Windows Internet Connection Firewall, now named the Windows Firewall, a new, user-friendly interface for managing security settings and improved features for detecting and blocking malicious content downloaded from Web sites.
Heise Security editor in chief J