Hackers have developed proof-of-concept code that attempts to take advantage of an unpatched Windows vulnerability to crash systems, according to a security alert from Microsoft which rates the risk as 'low'.
The code disables machines running Windows XP SP1 and Windows 2000 SP4 in certain configurations by taking advantage of flaws in Windows memory allocation functions.
The vulnerability manifests itself when a malformed request is made to the UPnP service in the data section of a call to the GetDeviceList function.
In handling this request, memory consumption on vulnerable Windows boxes increases to the point where the system becomes unresponsive. Repeated requests can therefore be used to mount denial of service attacks.
However, attacks on Windows XP SP1 would require user authentication, thus reducing the scope for mischief by remote hackers.
In addition Microsoft users running Windows XP Service Pack 2, Windows Server
2003 and Windows Server 2003 Service Pack 1 are not affected by the
Windows 2000 shops are most at risk but effective firewalls are all that is needed to thwart attacks. Microsoft has yet to develop a security fix.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago