.
Logo
Print this page
Save to disk

Hackers exploit Windows UPnP flaw

/v3-uk/news/1976751/hackers-exploit-windows-upnp-flaw

21 Nov 2005, Ken Young  , V3

Microsoft
Flaw affect Windows memory allocation functions

Hackers have developed proof-of-concept code that attempts to take advantage of an unpatched Windows vulnerability to crash systems, according to a security alert from Microsoft which rates the risk as 'low'.

The code disables machines running Windows XP SP1 and Windows 2000 SP4 in certain configurations by taking advantage of flaws in Windows memory allocation functions.

The vulnerability manifests itself when a malformed request is made to the UPnP service in the data section of a call to the GetDeviceList function.

In handling this request, memory consumption on vulnerable Windows boxes increases to the point where the system becomes unresponsive. Repeated requests can therefore be used to mount denial of service attacks.

However, attacks on Windows XP SP1 would require user authentication, thus reducing the scope for mischief by remote hackers.

In addition Microsoft users running Windows XP Service Pack 2, Windows Server 2003 and Windows Server 2003 Service Pack 1 are not affected by the vulnerability.
Windows 2000 shops are most at risk but effective firewalls are all that is needed to thwart attacks. Microsoft has yet to develop a security fix.

Do you agree?

Print this page
Save to disk
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093