Avast WEBforum
Other => General Topics => Topic started by: polonus on April 13, 2007, 09:49:32 AM
-
Hi malware fighters,
This week more than likely an exploit will be launched against the Windows Universal Plug and Play (UPnP) hole, that has been patched last Tuesday through a Microsoft update. According to X-Force the hole in the UPnP service forms a simple means for an attacker to remotely control a Windows XP SP2 machine fully. Because in the commercial environment UPnP service is disabled as by default, it is not expected that this exploit mayl lead to a new Zotob worm outbreak.
Universal Plug en Play is a Windows architecture enabling peer-to-peer Plug en Play functionality for network appliancies. By sending a specially crafted HTTP request to UPnP service a buffer overflow is created, enabling an attacker to execute malicious code at will.
Go here if you want to disable this dangerous service. http://www.grc.com/unpnp/unpnp.htm
Steve Gibson have been warning against this for ages now. If you need that service later just rerun.
Here an example how a similar flaw has been exploited in the past: http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047960.html
Well it is beyond belief how little users really acted upon this dangerous hole. Well forewarned is forearmed..
polonus
-
The UPnP service is set on Manual by default in XP Pro and home, I disabled mine a considerable time ago based on the Black Viper services list. Services on manual are capable of being called and started.
Since I don't use P2P applications I can safely disable it, for the average user this is a service that is un-necessary.
The naming of this service is unfortunate as it has nothing to do with the Windows PnP (Plug and Play) function for local hardware devices.
-
***
For me, ditto what David said. :)
***