Malicious ‘Error 404’ message exploits Windows XP SP2

On November 15, security firm Finjan claimed it had discovered ten flaws in Windows XP SP2 that could allow attackers to “silently and remotely take over an SP2 machine when the user simply browses a Web page”.

According to Finjan, hackers could bypass XP SP2’s notification mechanism about downloading and execution of .exe, which could let them download files without warning the user.

The code published on K-otik’s Web site seems to exploit the same flaw.

At the time, Microsoft said it was investigating Finjan’s claims but tried to play down the severity of the flaws.

Read more…

I think the very worst thing you can do is to try to lessen the impact of a security flaw, these days. Security is a do or die job. Anyone who says otherwise is just making the situation worse.