InfoWorld
Window Manager
Brian Livingston
XP, the hole story

I WROTE LAST month about the UPnP (Universal Plug and Play) flaws that allow hackers to gain control of Windows XP systems (see "Plug-and-prey fiasco"). The problem is rated "critical" by Microsoft, which "strongly urges all Windows XP customers to apply the patch immediately." Get thee to Microsoft Security Bulletin MS01-059 at www.microsoft.com/technet/security/bulletin/MS01-059.asp.

Microsoft a month earlier had also posted two different patches for a separate UPnP hole in XP (MS01-054). That threat, rated by Microsoft as "low," is described at www.microsoft.com/technet/security/bulletin/MS01-054.asp.

In a follow-up column, I responded to comments that a working exploit of the 059 hole hadn't yet appeared (see "Can we talk about XP?" Feb. 4). I quoted from security expert Steve Gibson's site, www.grc.com/unpnp/unpnp.htm. It mentioned XPloit.c, an example of "exploits for the previous UPnP vulnerability," and said new cases would quickly appear.

The resulting controversy led Microsoft spokesman Casey McGee, from the public relations group Waggener Edstrom, to contact me. "The exploit code you reference, http://packetstorm.widexs.nl/0112-exploits/XPloit.c, has been thoroughly tested by Microsoft and is not effective," he wrote. "This code was also posted to Bugtraq, where it was quickly discredited as well. ... Would you please consider updating your column so that users are not needlessly panicked by this false exploit code?"

Nothing about XPloit shows up at Bugtraq, but one posting describes two related programs, UPnP_udp.c and Chargen.c, by Gabriel Maggiotti and Fernando Oubiña -- the authors of the earlier XPloit code. The programs, at www.securityfocus.com/archive/1/249238, are said to use UPnP to execute a DoS (denial of service) attack on XP.

I asked eEye Digital Security (www.eEye.com), the first company that notified Microsoft of the 059 hole, whether or not a working attack existed. "There was one exploit released for the UPnP flaw," replied chief hacking officer Marc Maiffret. He cited the Maggiotti/Oubiña posting at Bugtraq, saying, "The code was valid and working."

In response, McGee wrote: "Maiffret is correct that exploit code for the DoS discussed in MS01-054 ... [and] MS01-059 was posted on Bugtraq." The key, he says, is that "nobody has posted exploit code for the DDoS (distributed denial of service) or buffer overrun vulnerabilities discussed in MS01-059," two other threats.

Gibson, who's examined XPloit.c, says it clearly presaged the newer code. For my part, the efficacy of any one example is irrelevant. And if you think Windows XP's troubled design won't be prey to other attacks -- well, as Britney says, "I'm not that innocent!"





Copyright 2002 InfoWorld Media Group, Inc.