Hi malware fighters,
This week an exploit will more than likely be launched against the Windows Universal Plug and Play (UPnP) hole that was patched last Tuesday through a Microsoft update. According to X-Force, the hole in the UPnP service gives an attacker a simple means of fully controlling a Windows XP SP2 machine remotely. Because in the commercial environment the UPnP service is disabled by default, it is not expected that this exploit will lead to a new Zotob worm outbreak.
Universal Plug and Play is a Windows architecture enabling peer-to-peer Plug and Play functionality for network appliances. By sending a specially crafted HTTP request to the UPnP service, a buffer overflow is created, enabling an attacker to execute malicious code at will.
Go here if you want to disable this dangerous service: http://www.grc.com/unpnp/unpnp.htm
Steve Gibson has been warning against this for ages now. If you need that service later, just rerun it.
Here is an example of how a similar flaw has been exploited in the past: http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047960.html
Well, it is beyond belief how little users really acted upon this dangerous hole. Well, forewarned is forearmed…
polonus
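For admins who prefer a script over the GRC tool, the following PowerShell audits and disables the Windows services behind UPnP, and can re-enable them later. This is an added example, not code from polonus or from GRC; it assumes the service names upnphost (UPnP Device Host) and SSDPSRV (SSDP Discovery Service) and an elevated PowerShell session on the XP machine.

```powershell
# Added example (not from the original post): audit, disable and re-enable the
# Windows services that expose UPnP. Service names are assumed:
# 'upnphost' = UPnP Device Host, 'SSDPSRV' = SSDP Discovery Service.
$upnpServices = @('upnphost', 'SSDPSRV')

function Get-UpnpExposure {
    # Report state and start mode; 'Exposed' is true while the service could still start.
    foreach ($name in $upnpServices) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $svc) { continue }   # service not installed on this host
        $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        New-Object PSObject -Property @{
            Name      = $name
            Status    = $svc.Status
            StartMode = $wmi.StartMode
            Exposed   = ($svc.Status -eq 'Running' -or $wmi.StartMode -ne 'Disabled')
        }
    }
}

function Disable-Upnp {
    # Stop the services and set them to Disabled so they do not come back at boot.
    foreach ($name in $upnpServices) {
        if (Get-Service -Name $name -ErrorAction SilentlyContinue) {
            Stop-Service -Name $name -Force -ErrorAction SilentlyContinue
            Set-Service  -Name $name -StartupType Disabled
        }
    }
}

function Enable-Upnp {
    # Restore Manual start mode if the service is genuinely needed later.
    foreach ($name in $upnpServices) {
        if (Get-Service -Name $name -ErrorAction SilentlyContinue) {
            Set-Service -Name $name -StartupType Manual
        }
    }
}

Write-Host 'Before:'
Get-UpnpExposure | Format-Table Name, Status, StartMode, Exposed -AutoSize
Disable-Upnp
Write-Host 'After:'
Get-UpnpExposure | Format-Table Name, Status, StartMode, Exposed -AutoSize
```

Run Get-UpnpExposure again after a reboot to confirm every row shows Exposed = False.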