eEye Digital Security Announces Major Vulnerabilities in Default Installations of Windows XP and Certain Installations of Windows ME and 98
For further information and a technical description of the advisory please visit: http://www.eeye.com/html/Research/Advisories/AD20011220.html
eEye Digital Security announces the discovery of major security vulnerabilities in Microsoft's (www.Microsoft.com) UPNP (Universal Plug and Play) Service. Windows XP, by default, ships with a UPNP (Universal Plug and Play) Service that can be used to detect and integrate with UPNP aware devices. Windows ME does not come standard with the UPNP service, however some OEM versions do provide the UPNP service by default. It is also possible to install the Windows XP Internet Connection Sharing on top of Windows 98, therefore making it vulnerable.
As described by UPNP.org (www.UPNP.org) "UPNP architecture offers pervasive peer-to-peer network connectivity of PCs of all form factors, intelligent appliances, and wireless devices. UPNP architecture leverages TCP/IP and the Web to enable seamless proximity networking in addition to control and data transfer among networked devices in the home, office, and everywhere in between."
eEye has discovered three vulnerabilities within Microsoft's UPNP implementation: a remotely exploitable buffer overflow that allows an attacker gain SYSTEM level access to any default installation of Windows XP, a Denial of Service (DoS) attack, and a Distributed Denial of Service (DDoS) attack. eEye would like to stress the extreme seriousness of this vulnerability. Network administrators are urged to immediately install the patch released by Microsoft at http://www.microsoft.com/technet/security/bulletin/MS01-059.asp
The most serious of the three Windows XP vulnerabilities is the remotely exploitable buffer overflow. It is possible for an attacker to write custom exploit code that will allow them to execute commands with SYSTEM level access, the highest level of access within Windows XP.
The other two vulnerabilities are types of denial of service attacks. The first is a fairly straightforward denial of service attack, which allows an attacker to remotely crash any Windows XP system. The crash will require Windows XP users to physically power down their machines and start them up again before the system will function. The second denial of service attack is a distributed denial of service attack. This vulnerability allows attackers to remotely command many Windows XP systems at once in an effort to make them flood/attack a single host.
eEye alerted Microsoft’s security team immediately upon discovery of the vulnerability and has worked closely with Microsoft on the development of a patch and the expeditious alerting of administrators worldwide.
For further information and a technical description of the vulnerabilities please visit the eEye website at www.eEye.com.
About eEye Digital Security
Founded in 1998, eEye Digital Security is a leader in IT security compliance, providing the only unified vulnerability and compliance management solution that integrates assessment, mitigation and protection into a complete offering. eEye enables secure and compliant computing through world-renowned research and is consistently the first to identify and protect systems from zero-day threats. The company's flagship product, Retina, meets security and compliance requirements for SMBs and enterprise-class organizations across all verticals worldwide. eEye is a trusted advisor providing network security education, product deployment services and enterprise-wide integration.