Microsoft patch blocks holes in XP

Microsoft Corp. has issued a security bulletin to users of its Windows operating systems, warning of three “critical” holes in the software that leave a Windows PC vulnerable to hackers when it is logged on to the Internet.

By exploiting holes in technology built into Windows XP that allow a computer to automatically recognize peripheral devices, such as digital cameras or printers, when they are plugged into a PC, a hacker could take over a user’s PC and run malicious code or use it to perform a denial of service attack.

Microsoft has posted free patches for the holes on its Web site for developers, for each of the affected operating systems. Windows XP is the most vulnerable to the holes, while users of Windows ME and Windows 98 were also encouraged to install the patches. Microsoft strongly urged Windows XP users to install the patch immediately.

The vulnerable technology is called Universal Plug and Play (UPnP). Windows XP and its predecessor, Windows ME, have built-in support for UPnP. Users of Windows 98 can get support for the technology through a Microsoft download.

Independent security consultants from eEye Digital Security, based in Aliso Viejo, Calif., managed to discover the vulnerabilities by sending malicious commands disguised as an UPnP service to a remote computer plugged into the Internet.

“This would enable the attacker to gain complete control over the system,” Microsoft said in the security bulletin.

Certain commands could allow a hacker to run code on that computer, install software or use that PC to perform a denial of service attack. In denial of service attacks, software is used flood a network with traffic, rendering servers unable to distinguish between legitimate traffic and malicious or false traffic.

Microsoft has made patches available on its Web site at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-059.asp.

Microsoft Canada Co. in Mississauga, Ont., is at http://www.microsoft.ca

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now