MS warns of severe XP security hole

A trio of flaws in the Universal Plug and Play (UPnP) service, which allows for automatic hardware detection in a network environment, can offer up total ownership of your machine to a malicious third party, Microsoft warns.

First up, and by far the most serious, an unchecked buffer in a component handling NOTIFY directives affecting Win 98 and ME, and XP, the most secure Windows ever produced. By sending a malicious NOTIFY directive, an attacker can run code in the UPnP service, which runs with System privileges on XP and at the OS level on 98 and ME. This would enable the attacker to own the system.



Full article: http://www.theregister.co.uk/content/4/23480.html

 

 

 

 

Top