Take care of UPnP!

Hi malware fighters,

This week, more than likely, an exploit will be launched against the Windows Universal Plug and Play (UPnP) hole that was patched last Tuesday through a Microsoft update. According to X-Force, the hole in the UPnP service forms a simple means for an attacker to remotely control a Windows XP SP2 machine fully. Because the UPnP service is disabled by default in the commercial environment, it is not expected that this exploit may lead to a new Zotob worm outbreak.

Universal Plug and Play is a Windows architecture enabling peer-to-peer Plug and Play functionality for network appliances. By sending a specially crafted HTTP request to the UPnP service, a buffer overflow is created, enabling an attacker to execute malicious code at will.

Go here if you want to disable this dangerous service. http://www.grc.com/unpnp/unpnp.htm
Steve Gibson has been warning against this for ages now. If you need that service later, just rerun.

Here is an example of how a similar flaw has been exploited in the past: http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047960.html

Well, it is beyond belief how little users really acted upon this dangerous hole. Well, forewarned is forearmed…

polonus

The UPnP service is set to Manual by default in XP Pro and Home. I disabled mine a considerable time ago based on the Black Viper services list. Services on Manual are capable of being called and started.

Since I don’t use P2P applications, I can safely disable it; for the average user this is a service that is unnecessary.

The naming of this service is unfortunate as it has nothing to do with the Windows PnP (Plug and Play) function for local hardware devices.


For me, ditto what David said. :slight_smile: