All the latest UK technology news, reviews and analysis

Hackers exploit Windows UPnP flaw

by Ken Young

21 Nov 2005

Comments: 2

  • Tweet this
Microsoft
Flaw affect Windows memory allocation functions

Hackers have developed proof-of-concept code that attempts to take advantage of an unpatched Windows vulnerability to crash systems, according to a security alert from Microsoft which rates the risk as 'low'.

The code disables machines running Windows XP SP1 and Windows 2000 SP4 in certain configurations by taking advantage of flaws in Windows memory allocation functions.

The vulnerability manifests itself when a malformed request is made to the UPnP service in the data section of a call to the GetDeviceList function.

In handling this request, memory consumption on vulnerable Windows boxes increases to the point where the system becomes unresponsive. Repeated requests can therefore be used to mount denial of service attacks.

However, attacks on Windows XP SP1 would require user authentication, thus reducing the scope for mischief by remote hackers.

In addition Microsoft users running Windows XP Service Pack 2, Windows Server 2003 and Windows Server 2003 Service Pack 1 are not affected by the vulnerability.
Windows 2000 shops are most at risk but effective firewalls are all that is needed to thwart attacks. Microsoft has yet to develop a security fix.

Do you agree?

Add your comment

Windows is Perfection

Windows is a constantly changeing adaptive operateing system.Soon good Bill will add automonic computeing power to windows and with a little help from IBM windows will rule the world.The script kiddie hackers are already being tracked and tricked.Microsoft knows all things.

Posted by: wendysystems 21 Nov 2005

windows sux

this, once again proves beyond all dobuts that, windows really sux...Good work guys..keep working...

Posted by: jimmy 21 Nov 2005

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

Google Logo

Google sees ad bans top 134 million

Related white papers

Related articles

Related jobs

Today's top stories

Google Android Malware

Top 10 Android mobile security apps

Phil Pavitt is chief information officer at HMRC

Government IT chief slams Apple security as 'appalling'

V3's Madeline Bennett

HP's loss of Autonomy founder Mike Lynch could be UK tech sector's gain

Poll

The workplace of the future poll - in association with IBM

What will be the biggest change to corporate technology in the future?

89%

6%

1%

3%

1%

Features

cookies

Quick guide to cookie law compliance

cookie

ICO sends out mixed messages on cookie law

V3's Madeline Bennett

HP's loss of Autonomy founder Mike Lynch could be UK tech sector's gain

An EMC logo

EMC World: Big data evolves into data science

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Riso

Colour printing: why the bill keeps outstripping the budget

The wrong printers, for the wrong tasks on the wrong contracts

Qlikview

Magic quadrant for business intelligence platforms

Who leads the BI pack and who should we be watching out for?

Technology jobs

Chief, Partner Solutions / Director, Client solutions

Chief, Partner Solution / Director, Client Solutions...

ASP.NET, C# Developer, .NET - MS Gold Partner - Preston

ASP.NET, C# Developer, .NET - MS Gold Partner - Preston...

SQL Server DBA - Ecommerce Brand - Southampton, Hampshire

SQL Server DBA (Database Administrator, Administration...

.NET Developer - Financial Services - Basingstoke, Hampshire

.NET Developer - Financial Services - Basingstoke, Hampshire...

Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.

More white papers
To send to more than one email address, simply separate each address with a comma.