Windows XP Service Pack 2 (SP2) has ten unpatched vulnerabilities, a U.S. security firm said Thursday. Microsoft, however, ardently disputed the claims and said that they were "potentially misleading and possibly erroneous."
Finjan Software said its Malicious Code Research Center had spent the last several months analyzing Windows XP SP2, the massive refresh that Microsoft touted as its most secure desktop operating system ever, and found 10 bugs that could be used by hackers to hijack systems when users simply view malicious Web pages.
The San Jose, Calif.-based company said it has provided Microsoft with technical details on the vulnerabilities and with proof-of-concept code that demonstrates how the bugs could be turned into full-fledged security attacks.
"We'll not disclose details of any of these vulnerabilities until patches are ready," said Gil Aditi, Finjan's chief security officer, "so that attackers can't create worms or viruses with this information."
Although Microsoft has said several times that SP2 is its most secure OS, Finjan's spotting of 10 vulnerabilities didn't come as a surprise to Aditi. "Any operating system has its holes, and SP2 is no exception. It's not bulletproof."