Security researchers inspecting a new update to Microsoft Corp.'s Windows XP found two software flaws that could allow virus writers and malicious hackers to sidestep new security features in the operating system.
German Internet security portal Heise Security published a security bulletin, dated Aug. 13, describing two holes in the Windows XP Service Pack 2 (SP2) and warning users about running programs from untrusted Internet sites. The flaws could allow virus writers to circumvent the security feature and write worms that spread on XP SP2 systems, according to the bulletin. However, the researcher who discovered the holes said he does not consider the flaws to be serious and he still recommends installing SP2.
Microsoft is investigating the reports of a method to bypass what it calls the Attachment Execution Services in Windows XP SP2, but was not aware of any way for an attacker to use the flaws reported by Heise Security to gain access to a Windows machine, a spokeswoman said.