First Sony “Uninstaller Vulnerability” Attacks Hit

By Michael Santo
Contributing Writer, RealTechNews

As I wrote less than 48 hours ago, security experts had found vulnerabilities exposed by the uninstaller Sony had created for its XCP copy protection software. Well, Websense Security Labs has received reports of websites using the uninstaller vulnerability to exploit PCs. The site they give as an example simply reboots the computer when vulnerable PCs access the site, but of course there’s obvious potential for more mischief.

For now, if you visit one of the web pages that formerly used to host the uninstaller on Sony BMG’s site, you’ll see the following:

November 15th, 2005 - We currently are working on a new tool to uninstall First4Internet XCP software. In the meantime, we have temporarily suspended distribution of the existing uninstall tool for this software. We encourage you to return to this site over the next few days. Thank you for your patience and understanding.

We Say: Sometimes I wonder how many of these vulnerabilities would so quickly appear if we didn’t publicize them. Of course, I realize we have to. For Sony BMG, the hits just keep on coming, but unfortunately I’m sure they are going to be hits to “the bottom line” rather than hit songs.