Internet.com

ISP-Planet

 


ISP News

Microsoft Posts "Critical" Windows XP Patch

Microsoft Corp. posted a "critical" security patch for Windows XP, and a digital security outfit called eEye claimed credit for finding the "major vulnerabilities" in the new OS.

by Beth Cox
of internetnews.com
[December 21, 2001]

Redmond, Wash.-based Microsoft posted on its site that the impact of the vulnerability is to allow someone to "run code of attacker's choice." Microsoft stock was falling after word of the security flaw surfaced. It was down $1.93 at about 2:30 PM yesterday, to $67.56.

Furthermore, Microsoft said that "customers using Windows 98, 98SE, or ME should also apply the patch if the Universal Plug and Play service is installed and running." The patch can be found here.

Aliso Viejo, Calif.-based eEye Digital Security put out a press release "announcing the discovery of major security vulnerabilities in Microsoft's UPNP (Universal Plug and Play) Service."

The company said that Windows XP, by default, ships with a UPNP Service that can be used to detect and integrate with UPNP-aware devices.

eEye said it has discovered three vulnerabilities within Microsoft's UPNP implementation: a remotely exploitable buffer overflow that allows an attacker to gain system level access to any default installation of Windows XP, a Denial of Service (DoS) attack, and a Distributed Denial of Service (DDoS) attack.

The most serious of the three Windows XP vulnerabilities is the remotely exploitable buffer overflow, eEye said. It is possible for an attacker to write custom exploit code that will allow them to execute commands with system level access, the highest level of access within Windows XP.

The other two vulnerabilities are types of denial of service attacks. The first is a straightforward denial of service attack, which allows an attacker to remotely crash any Windows XP system. The crash will require users to power down their machines and start them up again before the system will function.

The second denial of service attack is a distributed denial of service attack. This vulnerability allows attackers to remotely command many Windows XP systems at once in an effort to make them flood/attack a single host.

Privately held eEye Digital Security is a developer of high-end network security products, including Retina, its flagship network vulnerability scanner.

— End

Related articles:
  [Sept. 28, 2001] E.G. for Example: Mutiny Against Microsoft
  [Aug. 17, 2001] A Really Big Patch for Microsoft IIS
  [March 27, 2000] Windows 2000's VPN-Related Security Issues

 
