IWS - The Information Warfare Site


ADVISORY 01-030.3

Update: "Universal Plug and Play Vulnerabilities"
January 03, 2002

This advisory updates NIPC Advisory 01-030 regarding what Microsoft refers to as critical vulnerabilities in the Universal Plug and Play (UPnP) service in Windows XP, Millennium Edition (ME), and Windows 98 or Windows 98SE systems. These vulnerabilities could lead to denial of service attacks and, separately, to system compromises. Since the discovery of these vulnerabilities by eEye Digital Security, Microsoft Corporation has released a software patch, a detailed security bulletin regarding the problem, and instructions for installing the patch, as well as instructions to disable the UPnP service if patch installation is impracticable.

Based upon a careful review of the written technical materials provided by Microsoft Corporation and in agreement with CERT Coordination Center (CERT/CC) at Carnegie Mellon University, NIPC recommends that affected users install the Microsoft patch. Although neither NIPC nor CERT/CC has actually laboratory-tested the patch, we are satisfied that it corrects the problem that could lead to system compromise and affords substantial and adequate protection from the UPnP vulnerability that could lead to denial of service attacks.

Microsoft Corporation and CERT/CC substantially contributed to this advisory through their close cooperation throughout the recent holiday period. The software patch and the latest version of the Microsoft Security Bulletin (updated on December 31) are available at:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-059.asp

Systems Affected:

  • Windows XP installs and runs UPnP by default.
  • Windows ME provides native support for UPnP, but it is neither installed nor running by default.
  • Windows 98 and Windows 98SE only use UPnP when specifically installed by the Internet Connection Sharing program.

The NIPC encourages recipients of this advisory to report computer intrusions to their local FBI office (http://www.fbi.gov/contact/fo/fo.htm) or the NIPC, and to other appropriate authorities. Recipients may report incidents online at http://www.nipc.gov/incident/cirr.htm, and can reach the NIPC Watch and Warning Unit at (202) 323-3205, 1-888-585-9078 or nipc.watch@fbi.gov.

Links to Advisories 01-030, 01-030.1, and 01-030.2