MS Warns of IE/XP Server Exploit

A speaker at the recent Black Hat DC security conference, Jorge Luis Alvarez Medina of Core Security Technologies, demonstrated a previously undocumented method of remotely turning a Windows XP-based computer into a web server, thus exposing the hacked computer's file system to the public. As surprising to the audience as the apparent ease of the attack was the news that, rather than being a patchable exploit, it may actually be enabled by a design feature of the Internet Explorer browser software.

For its part, Microsoft issued Security Advisory 980088, entitled "Vulnerability in Internet Explorer Could Allow Information Disclosure," which detailed the problem and its recommended remedies:

"Microsoft is investigating a publicly reported vulnerability in Internet Explorer for customers running Windows XP or who have disabled Internet Explorer Protected Mode," the report reads. "Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location."

"In a web-based attack scenario, an attacker could host a website that contains a web page that is used to exploit this vulnerability," the report states. "In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability."

"In all cases, however, an attacker would have no way to force users to visit these websites," the report continued. "Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website."

The advisory warns that an attacker who successfully exploited this vulnerability could gain the same user rights as the local user, and that while users whose accounts are configured to have fewer rights on the system could be less affected than those operating with administrative user rights, many systems remain vulnerable.

"The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites," the report said. "At this time, we are unaware of any attacks attempting to use this vulnerability. We will continue to monitor the threat environment and update this advisory if this situation changes."

According to the company, affected versions include Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows Server 2003 Service Pack 2. Other, older versions of the Internet Explorer software are also vulnerable.

Microsoft says that running Internet Explorer in Protected Mode prevents exploitation of this vulnerability. This is the default setting for Internet Explorer on Windows Vista, Windows Server 2008, and Windows 7.

The company also plans to take the appropriate action to protect its customers, which may include providing a solution through its monthly security update release process, or an out-of-cycle security update, depending on customer needs.

"We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers," a company spokesperson stated. "In addition, we are actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability."

As for standard security precautions, Microsoft advises customers to enable a firewall, apply all software updates and install antivirus and antispyware software.

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.
