About the description and solution of win xp system vulnerabilities

Many times the system will automatically ask us to update the system, because the system will have loopholes, if it is not well resolved, there will be big problems, but some users turn off the system reminder, then in case What should I do if I don't have an update and I have a system?

I. Task Scheduler Vulnerability

"Vulnerability Description": Windows Task Scheduler has problems handling application file name verification The hacker can use this vulnerability to remotely obtain system privileges and execute arbitrary commands. Hackers can use a variety of methods, such as building a malicious web page and enticing a user to click to trigger this vulnerability. A hacker who successfully exploited this vulnerability could take complete control of the affected system.

"Workaround": Microsoft has released a security bulletin (MS04-022) and corresponding patches for this purpose. Users who have installed WinXP and WinXP Service Pack 1 immediately go to the following address http://www.microsoft. Download the patch at com/china/technet/security/bulletin/MS04-022.mspx and update it. This security patch will also be included in Windows XP Service Pack 2.

Second, HTML Helps Remote Code Execution Vulnerabilities

"Vulnerability Description": Windows allows applications to display and process help files using a standard method (such as the HTML Help API method). There is a problem with Windows HTML Help. Remote hackers can exploit this vulnerability to execute arbitrary code on the system with user process privileges, including installing programs, viewing changes to delete data, and creating new accounts. Hackers can build malicious pages, entice users to click to trigger this vulnerability, and a specially built showHelp URL can also cause remote arbitrary code to be executed on a local computer.

"Solutions": Microsoft has released a security bulletin (MS04-023) and corresponding patches for this purpose. Users who have installed WinXP and WinXP Service Pack 1 immediately go to the following address http://www.microsoft. Download the patch at com/china/technet/security/bulletin/MS04-023.mspx and update it. The patch for this issue will also be included in Windows XP Service Pack 2.

If you can't install patches or upgrades right away, it's a good idea to click Start, run “regsvr32 /u %windir%system32itss.dll”, and log out of the HTML Help protocol to reduce threats. If you are using Outlook 2002 or higher, or Outlook Express 6 SP1 or higher, read the email in plain text format to avoid being attacked by malicious HTML code.

Here are a few system vulnerabilities. Of course, there are still a lot of system vulnerabilities. However, if you want to handle it yourself, it is best to update the system in time, so that the system will be protected from poisoning. Everyone is useful.