Author Topic: Take care of UPnP!  (Read 2645 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33440
  • malware fighter
Take care of UPnP!
« on: April 13, 2007, 09:49:32 AM »
Hi malware fighters,

This week more than likely an exploit will be launched against the Windows Universal Plug and Play (UPnP) hole, that has been patched last Tuesday through a Microsoft update.  According to X-Force the hole in the UPnP service forms a simple means for an attacker to remotely control a Windows XP SP2 machine fully. Because in the commercial environment UPnP service is disabled as by default, it is not expected that this exploit mayl lead to a new Zotob worm outbreak.

Universal Plug en Play is a Windows architecture enabling peer-to-peer Plug en Play functionality for network appliancies. By sending a specially crafted HTTP request to UPnP service a buffer overflow is created, enabling an attacker to execute malicious code at will.

Go here if you want to disable this dangerous service. http://www.grc.com/unpnp/unpnp.htm
Steve Gibson have been warning against this for ages now. If you need that service later just rerun.

Here an example how a similar flaw has been exploited in the past: http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047960.html

Well it is beyond belief how little users really acted upon this dangerous hole. Well forewarned is forearmed..

polonus
« Last Edit: April 13, 2007, 11:13:50 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86126
  • No support PMs thanks
Re: Take care of UPnP!
« Reply #1 on: April 13, 2007, 02:39:58 PM »
The UPnP service is set on Manual by default in XP Pro and home, I disabled mine a considerable time ago based on the Black Viper services list. Services on manual are capable of being called and started.

Since I don't use P2P applications I can safely disable it, for the average user this is a service that is un-necessary.

The naming of this service is unfortunate as it has nothing to do with the Windows PnP (Plug and Play) function for local hardware devices.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

CharleyO

  • Guest
Re: Take care of UPnP!
« Reply #2 on: April 14, 2007, 04:10:22 AM »
***

For me, ditto what David said.    :)


***