Glitches between Windows XP Service Pack 2 (SP2) and critical applications continue to emerge, with McAfee admitting its flagship VirusScan product prior to version 7.1 requires a customised patch to be operational with Windows Security Center, part of SP2.
McAfee also said its enterprise Desktop Firewall product requires a patch before it can function with Windows Security Center. Since it was released, activists have been searching for weaknesses in Microsoft's security-focused service pack.
Microsoft has already dismissed claims by German researchers that they had found a flaw.
Now a group has claimed malicious code could bypass the new security procedures in XP by using the drag-and-drop features of Internet Explorer.
Consultant Secunia said researcher http-equiv has demonstrated that "the vulnerability is caused due to insufficient validation of drag-and-drop events issued from the internet zone to local resources".
For example, this can be exploited by a malicious web site to plant an arbitrary executable file in a user's startup folder, which will be executed the next time Windows starts up.
But Microsoft believes hackers looking to exploit this would have to rely on help from users.
"Given the significant amount of user action required to execute an attack, Microsoft does not consider this to be a high risk for customers," the firm said in a statement.
"Microsoft is not aware of any customer impact at this time. However, it will continue to investigate the issue to determine the appropriate course of action to protect its customers."
Alex Tatham, vice-president global software at Microsoft distributor Bell Microproducts, played down the glitches being touted about SP2. "It is a good upgrade. We have not come across any issues. I believe people are just experiencing normal teething problems," he said.
XMA bosses on becoming a 'performance VAR', pocketing £50m of Misco leftovers, and acquisition near-misses
Lee Hemani and Andy Wright reveal that XMA is aiming to boost net profits to three per cent of revenues as they run through the growth ambitions of the UK's ninth-largest reseller
The biggest threat to any company's security strategy is actually their own staff. At this exclusive CRN event next month, find out how you can help your customers ensure they stay protected from within as well as from external threats.
Businesses also admit to holding data without permission of subjects
Zedsphere says end-point security vendor's offerings will be a 'key' feature of its wider portfolio