Can XP SP2 be exploited or not?

Seems Microsoft is downplaying the recent findings of Russian Security company. “The SP2 measure, known as Data Execution Protection, is intended to prevent would-be attackers from inserting rogue code into a PC's memory and tricking Windows into running the program. However, in a paper published Friday, Moscow-based Positive Technologies said two minor mistakes in the implementation of the technology allow a knowledgeable programmer to sidestep the protection.”

Report Major Windows security update foiled  

Defeating Microsoft Windows XP SP2 Heap protection and DEP bypass   

Security » Russian security firm  XP SP2 Vulnerable    

Microsoft SP2 shimmy's not a flaw

Microsoft Windows Vulnerability  Russians Say Windows XP SP2 Vulnerable

Microsoft Disputes Claim of Flaw in XP SP2

MS downplays SP2 vuln risk

This information from the last link is of interest.

“This execution protection (NX) technology – which is only supported by a limited number of processors including AMD K8, Intel Itanium and some Xeon processors – is designed to thwart buffer overrun attacks.”

So it would seem this whole issue is only related to certain machines that run certain processors. So basically many websites have overblown this. Because most sites haven't pointed this fact out.

 Sponsored ad

 Save $10 Download ZoneAlarm Security Suite

Leave a Comment

Your email address will not be published.