Feeds

MS warns of severe universal plug & play security hole

Gives up complete control of victim machine

  • alert
  • submit to reddit

Internet Security Threat Report 2014

A trio of flaws in the Universal Plug and Play (UPnP) service, which allows for automatic hardware detection in a network environment, can offer up total ownership of your machine to a malicious third party, Microsoft warns.

First up, and by far the most serious, an unchecked buffer in a component handling NOTIFY directives affecting Win 98 and ME, and XP, the most secure Windows ever produced. By sending a malicious NOTIFY directive, an attacker can run code in the UPnP service, which runs with System privileges on XP and at the OS level on 98 and ME. This would enable the attacker to own the system.

Next up, a denial of service vulnerability enabling an attacker to send a NOTIFY directive to a UPnP-capable machine, directing it to download what it needs from a particular port on a particular server. If the server were to echo the download requests, the target machine would enter an endless loop which could tie up its resources and from which the only escape is a re-boot.

Third, an attacker could use the DoS vulnerability to send a NOTIFY directive to a large number of machines and direct them to a third-party server, which would then be flooded with bogus requests, and possibly overwhelmed.

UPnP services are native on Win XP and ME (though not enabled by default on ME), and are only present on 98 if support for Internet connection sharing is enabled. However, the fact that you haven't enabled this service doesn't necessarily mean you're safe if you have an OEM box. It might well have been enabled at the factory; so if you're in doubt, be sure to install the correct patch (below).

The flaws were discovered by eEye Digital Security. Microsoft has posted three patches on its TechWeb site here. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Bono apologises for iTunes album dump
Megalomania, generosity and FEAR of irrelevance drove group to Apple deal
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
America's super-secret X-37B plane returns to Earth after nearly TWO YEARS aloft
674 days in space for US Air Force's mystery orbital vehicle
10 Top Tips For PRs Considering Whether To Phone The Register
You'll Read These And LOL Even Though They're Serious
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.