Author Topic: Take care of UPnP!  (Read 3020 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33873
  • malware fighter
Take care of UPnP!
« on: April 13, 2007, 09:49:32 AM »
Hi malware fighters,

This week more than likely an exploit will be launched against the Windows Universal Plug and Play (UPnP) hole, that has been patched last Tuesday through a Microsoft update.  According to X-Force the hole in the UPnP service forms a simple means for an attacker to remotely control a Windows XP SP2 machine fully. Because in the commercial environment UPnP service is disabled as by default, it is not expected that this exploit mayl lead to a new Zotob worm outbreak.

Universal Plug en Play is a Windows architecture enabling peer-to-peer Plug en Play functionality for network appliancies. By sending a specially crafted HTTP request to UPnP service a buffer overflow is created, enabling an attacker to execute malicious code at will.

Go here if you want to disable this dangerous service.
Steve Gibson have been warning against this for ages now. If you need that service later just rerun.

Here an example how a similar flaw has been exploited in the past:

Well it is beyond belief how little users really acted upon this dangerous hole. Well forewarned is forearmed..

« Last Edit: April 13, 2007, 11:13:50 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 88787
  • No support PMs thanks
Re: Take care of UPnP!
« Reply #1 on: April 13, 2007, 02:39:58 PM »
The UPnP service is set on Manual by default in XP Pro and home, I disabled mine a considerable time ago based on the Black Viper services list. Services on manual are capable of being called and started.

Since I don't use P2P applications I can safely disable it, for the average user this is a service that is un-necessary.

The naming of this service is unfortunate as it has nothing to do with the Windows PnP (Plug and Play) function for local hardware devices.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security


  • Guest
Re: Take care of UPnP!
« Reply #2 on: April 14, 2007, 04:10:22 AM »

For me, ditto what David said.    :)