Microsoft patch blocks holes in XP

Microsoft Corp. issued a security bulletin Thursday to users of its Windows operating systems, warning of three "critical" holes in the software that leave a Windows PC vulnerable to hackers when it is logged on to the Internet.

By exploiting holes in technology built into Windows XP that allow a computer to automatically recognize peripheral devices, such as digital cameras or printers, when they are plugged into a PC, a hacker could take over a user's PC and run malicious code or use it to perform a denial of service attack.

Microsoft has posted free patches for the holes on its Web site for developers, for each of the affected operating systems. Windows XP is the most vulnerable to the holes, while users of Windows ME and Windows 98 were also encouraged to install the patches. Microsoft strongly urged Windows XP users to install the patch immediately.

The vulnerable technology is called Universal Plug and Play (UPnP). Windows XP and its predecessor, Windows ME, have built-in support for UPnP. Users of Windows 98 can get support for the technology through a Microsoft download.

Independent security consultants from eEye Digital Security, based in Aliso Viejo, California, managed to discover the vulnerabilities by sending malicious commands disguised as a UPnP service to a remote computer plugged into the Internet.

"This would enable the attacker to gain complete control over the system," Microsoft said in the security bulletin.

Certain commands could allow a hacker to run code on that computer, install software or use that PC to perform a denial of service attack. In denial of service attacks, software is used flood a network with traffic, rendering servers unable to distinguish between legitimate traffic and malicious or false traffic.

Since its Oct. 25 release, Microsoft has sold about 650,000 copies of the operating system as a packaged product through retail channels, according to research from NPDTechworld, a division of the NPD Group Inc. PC makers have been selling computers with the operating system pre-installed since September.

Microsoft has made patches available on its Web site at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-059.asp.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matt Berger

Computerworld

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?