HSTuners

HSTuners (http://www.hstuners.com/forums/index.php)
-   Shifting Gears - Off Topic Discussions (http://www.hstuners.com/forums/forumdisplay.php?f=9)
-   -   Attention Windows 98, Me and XP users (http://www.hstuners.com/forums/showthread.php?t=2141)

ebpda9 01-06-2002 04:24 PM
Attention Windows 98, Me and XP users
 
Security warning. Read the following article.

http://news.cnet.com/news/0-1003-200-8287567.html

Racing Rice 01-06-2002 04:50 PM
Thanks for the heads up..

Accord Man 01-06-2002 05:07 PM
Cool..

Is there any stuff like that for win2k users?

ebpda9 01-06-2002 11:30 PM
nope. never heard of anything like that for 2k

Whtehnda93DXSdn 01-06-2002 11:43 PM
WOW thanks for the link and heads up for sure...appreciate it.

I'll be sure to pass that on to some friends that use it....:yes:

94_AcCoRd_EX 01-07-2002 01:52 AM
Thanks for the heads up. Damn windows... :P

Racing Rice 01-07-2002 11:20 AM
Yeah really.. Microsoft's security sucks...:rolleyes: Glad we use Novell!:yes:

Addict 01-09-2002 12:14 PM
Yeah that UPNP one has been around for a while.

Security Alert, December 21, 2001

* MULTIPLE VULNERABILITIES IN MICROSOFT UNIVERSAL PLUG AND PLAY SERVICE
Multiple vulnerabilities exist in Microsoft's implementation of Universal
Plug and Play (UPnP). The first vulnerability is a remotely exploitable buffer
overflow that can result in system-level access to the vulnerable host. This
vulnerability results from an unchecked buffer in one of the service's
components that handles notify directives. By sending malformed UPnP notify
directives generated at various intervals, an attacker can cause access
violations on the vulnerable system, which results in pointers being
overwritten. Because the UPnP service runs with SYSTEM privileges, a hacker can
gain complete control of the system remotely.

The second vulnerability involves a variant of this first vulnerability in that
the UPnP service doesn't take sufficient steps to limit how far the service
goes to obtain information about a discovered service. Two Denial of Service
(DoS) scenarios exist for exploiting this vulnerability. The first is that a
potential attacker could send a notify directive to a vulnerable host and loop
the request. This loop would eventually consume all system resources on the
vulnerable system. The second scenario involves specifying a third system in
the notify directive for the vulnerable system(s) to respond to. As the UPnP
service responds to both multicast and broadcast UDP requests, the potential
for Distributed Denial of Service (DDoS) attacks exist.

Microsoft has released a bulletin and patch to remedy this vulnerability.
Please visit the URL below for links to the bulletin and patch.
http://www.secadministrator.com/arti...rticleid=23594


All times are GMT -5. The time now is 11:03 PM.

Powered by vBulletin Version 3.5.3
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
© 2006 HSTuners.com