ADVISORY 01-030 "Universal Plug and Play Vulnerabilities"

Summary: The NIPC is tracking what Microsoft refers to as a critical vulnerability
in the Universal Plug and Play (UPnP) service in Windows XP, Millennium Edition
(ME), and Windows 98 or 98SE systems. This vulnerability could lead to denial
of service attacks and system compromise. Microsoft has released a patch for
this vulnerability at the following site:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-059.asp

Systems Affected: Windows XP installs and runs UPnP by default. Windows 98 and
98SE only use UPnP when specifically installed by the Internet Connection
Sharing program.

Details: UPnP is a service that identifies and uses network-based devices. There are
two known vulnerabilities in the UPnP service. The first vulnerability involves
a buffer overflow in the UPnP service that could give an attacker system or
root level access. With this level of access, an attacker could execute any
commands and take any actions they choose on the victim's computer.

The second vulnerability is in the Simple Service Discovery Protocol (SSDP),
which allows new devices on a network to be recognized by computers running
UPnP by sending out a broadcast UDP packet. Attackers can use this feature
to send false UDP packets to a broadcast address hosting vulnerable Windows
systems. Once a vulnerable system receives this message, it will respond to
the spoofed originating IP address. This can be exploited to cause a distributed
denial of service attack.

Another example of this vulnerability would be an attacker spoofing an address
that had the character generator (chargen) service running. If a vulnerable
machine were to connect to the chargen service on a system, it could become
stuck in a loop that would quickly consume system resources.

The NIPC encourages recipients of this advisory to report computer intrusions
to their local FBI office (http://www.fbi.gov/contact/fo/fo.htm) or the NIPC,
and to other appropriate authorities. Recipients may report incidents online at
http://www.nipc.gov/incident/cirr.htm, and can reach the NIPC Watch and Warning
Unit at (202) 323-3205, 1-888-585-9078 or nipc.watch@fbi.gov.

Links to Advisories 01-030.1, 01-030.2, and 01-030.3
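
For the SSDP issue described under Details, the following detection sketch is an added example, not part of the NIPC advisory or of Microsoft's patch. It reviews an SSDP announcement before a host acts on it and flags the spoofing and chargen cases the advisory describes. The advisory does not give the packet layout; the NOTIFY start line and LOCATION header follow the UPnP SSDP announcement format, and the function names, heuristics, echo port and sample datagrams are assumptions of this example.

```python
import ipaddress
from urllib.parse import urlsplit

# chargen is the service the advisory names; echo is added as an assumption.
LOOP_PORTS = {7: "echo", 19: "chargen"}

def parse_ssdp(datagram: bytes):
    """Split an SSDP datagram into (start_line, {HEADER: value})."""
    lines = datagram.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return lines[0].strip(), headers

def review_notify(datagram: bytes, src_ip: str, local_net: str):
    """Return reasons an SSDP NOTIFY looks spoofed; an empty list means none."""
    start, headers = parse_ssdp(datagram)
    if not start.upper().startswith("NOTIFY "):
        return []
    net = ipaddress.ip_network(local_net)
    findings = []
    if ipaddress.ip_address(src_ip) not in net:
        findings.append("source address outside local network")
    try:
        url = urlsplit(headers.get("LOCATION", ""))
        host, port = url.hostname, url.port or 80
    except ValueError:
        return findings + ["malformed LOCATION"]
    if host is None:
        return findings + ["missing LOCATION host"]
    try:
        if ipaddress.ip_address(host) not in net:
            findings.append("LOCATION host outside local network")
    except ValueError:
        findings.append("LOCATION host is a name, not an address")
    if host != src_ip:
        findings.append("LOCATION host differs from packet source")
    if port in LOOP_PORTS:
        findings.append(f"LOCATION port {port} is {LOOP_PORTS[port]}")
    return findings

# Constructed sample datagrams (not captured traffic).
BENIGN = (b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
          b"NTS: ssdp:alive\r\nLOCATION: http://192.168.1.20:5000/desc.xml\r\n\r\n")
SUSPECT = (b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
           b"NTS: ssdp:alive\r\nLOCATION: http://203.0.113.9:19/\r\n\r\n")
```

The same checks can be applied at a gateway or sensor that sees UDP port 1900 traffic, so that announcements pointing off the local network are dropped or logged before any host follows them.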