(ALISO VIEJO, CA) December 20, 2001
For further information and a technical description of the advisory, please visit: http://www.eeye.com/html/Research/Advisories/AD20011220.html
eEye Digital Security announces the discovery of major security vulnerabilities in Microsoft's (www.Microsoft.com) UPNP (Universal Plug and Play) Service. Windows XP, by default, ships with a UPNP Service that can be used to detect and integrate with UPNP-aware devices. Windows ME does not come standard with the UPNP service; however, some OEM versions do provide the UPNP service by default. It is also possible to install the Windows XP Internet Connection Sharing on top of Windows 98, therefore making it vulnerable.
As described by UPNP.org (www.UPNP.org) "UPNP architecture offers pervasive peer-to-peer network connectivity of PCs of all form factors, intelligent appliances, and wireless devices. UPNP architecture leverages TCP/IP and the Web to enable seamless proximity networking in addition to control and data transfer among networked devices in the home, office, and everywhere in between."
eEye has discovered three vulnerabilities within Microsoft's UPNP implementation: a remotely exploitable buffer overflow that allows an attacker to gain SYSTEM level access to any default installation of Windows XP, a Denial of Service (DoS) attack, and a Distributed Denial of Service (DDoS) attack. eEye would like to stress the extreme seriousness of this vulnerability. Network administrators are urged to immediately install the patch released by Microsoft at http://www.microsoft.com/technet/security/bulletin/MS01-059.asp
The most serious of the three Windows XP vulnerabilities is the remotely exploitable buffer overflow. It is possible for an attacker to write custom exploit code that will allow them to execute commands with SYSTEM level access, the highest level of access within Windows XP.
The other two vulnerabilities are types of denial of service attacks. The first is a fairly straightforward denial of service attack, which allows an attacker to remotely crash any Windows XP system. The crash will require Windows XP users to physically power down their machines and start them up again before the system will function. The second denial of service attack is a distributed denial of service attack. This vulnerability allows attackers to remotely command many Windows XP systems at once in an effort to make them flood/attack a single host.
eEye alerted Microsoft’s security team immediately upon discovery of the vulnerability and has worked closely with Microsoft on the development of a patch and the expeditious alerting of administrators worldwide.
For further information and a technical description of the vulnerabilities please visit the eEye website at www.eEye.com.
About eEye Digital Security
eEye Digital Security® is pioneering a new class of security products: integrated threat management. This next generation of security detects vulnerabilities and threats, prevents intrusions, protects all of an enterprise’s key computing resources, from endpoints to network assets to web sites and web applications, all while providing a centralized point of security management and network visibility. eEye’s research team is consistently the first to identify new threats in the wild, and our products leverage that research to deliver on the goal of making network security as easy to use and reliable as networking itself. Founded in 1998 and headquartered in Orange County, California, eEye Digital Security protects more than 9,000 corporate and government organizations worldwide, including half of the Fortune 100. For more information, please visit www.eeye.com.
Primary Agency Contact
Victor Cruz
MediaPR
(401) 349-3369 eEye@mediapr.net
EMEA Agency Contact
Ralph Klöwer
INTERFACE Relations
+49 (0) 89-552 688-66 r.kloewer@interface.pr.de
