*MAJOR* security hole in Windows XP discovered!!!!!

[ScoobMaster]

I posted this in the Operating System Forum, but thought it might get more attention in here!

Details of this are found at this LINK

If you have XP, you might want to seek out that patch in a timely manner!

More info here

MS Tech Bulletin and patch is here

 

[FelixDeCat]

What? Windows vulnerable?! "No!"

 

[Bluga]

A Microsoft official acknowledged that the risk to consumers was unprecedented because the glitches allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet.

 

[khtm]

<< A Microsoft official acknowledged that the risk to consumers was unprecedented because the glitches allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet. >>



OMG!!! OH NO! AIIIIIEEEEEEEEEEEEEEEE!!!!! NOOOOOO!O!OO!O!!!!

Gee. I sure feel good knowing that I'm running Win2k

 

[prodigy]

<<

<< A Microsoft official acknowledged that the risk to consumers was unprecedented because the glitches allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet. >>



OMG!!! OH NO! AIIIIIEEEEEEEEEEEEEEEE!!!!! NOOOOOO!O!OO!O!!!! >>

 

[ander]

Uh, good find i guess. Friggin XP.

 

[kendogg]

oh sh!t! thanks for the informative info.. ill do this when i get home

 

[BeauJangles]

Tell me something I didn't know

 

[LordThing]

If you read the announcement, its also for win98 and 98se along with Win Me. This effects alot of people. Already informed the rest of my IT staff and other adminstrator friends. Thanks for the heads up.

 

[FreeAgent]

While I appreciate the news.....old old old. I should suggest if you have the latest virus definitions in your anti-virus and you have a good firewall your all set. FYI: XP has more doors than that single portal.
Go to Symantec. Trust me your better off this way than going for some spyware at Microsoft.


It's a link to the Symantec Virus index. Look at the many thousands and find out what they do.

 

[Nemesis77]

<<

<< A Microsoft official acknowledged that the risk to consumers was unprecedented because the glitches allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet. >>



OMG!!! OH NO! AIIIIIEEEEEEEEEEEEEEEE!!!!! NOOOOOO!O!OO!O!!!!

Gee. I sure feel good knowing that I'm running Win2k >>



I sure feel good knowing that I'm running Linux

 

[whalen]

<< While I appreciate the news.....old old old. I should suggest if you have the latest virus definitions in your anti-virus and you have a good firewall your all set. FYI: XP has more doors than that single portal.
Go to Symantec. Trust me your better off this way than going for some spyware at Microsoft.


It's a link to the Symantec Virus index. Look at the many thousands and find out what they do. >>



Are you on crack?

 

[CocaCola5]

HAHA!!

 

[FreeAgent]

<<Are you on crack?>>

Why do you say that? Because I knew about it like over a month now.

 

[PG]

I'm shocked! How can this be possible? Microsoft told us that a closed source operating system is better than open source.

 

[Harvey]

Story on News.com (includes links):

Microsoft issues patch for XP security hole

By Wylie Wong
Staff Writer, CNET News.com
December 20, 2001, 11:15 a.m. PT


just in Microsoft may have touted Windows XP as the most secure operating system it has made, but the company on Thursday released a bug fix for a security hole that could leave some people's systems open to malicious attack.

Microsoft is recommending that every Windows XP customer apply the patch immediately. Customers using Windows 98, Windows 98 Second Edition and Windows ME with the "Universal Plug and Play" service up and running should also use the patch, the company said.

Universal Plug and Play is Microsoft software that uses Internet protocols to allow devicessuch as computers, scanners and printers to automatically discover one another so they can communicate. Microsoft said an attacker who exploited the hole could take over computers on such a network.

Windows users can download the patch from Microsoft's Web site.

More details to follow

 

[phatcow]

sounds to me like a remote desktop problem

 

[whalen]

<< Why do you say that? Because I knew about it like over a month now. >>



No, because you are saying that a good ol' copy of NAV and Zonealarm is better than patching up your OS. And on top of that, you call the security patch spyware. I hope to god you aren't in charge of any computer other than your own. This kind of thinking is why Code Red was lingering around for so long. :disgust:

 

[NikPreviousAcct]

The only security hole in WindowsXP is the user who installs it. The ultimate security patch is to format and reinstall Win2k.

Nik {likes his Win2k}

 

[LordUnum]

<< Gee. I sure feel good knowing that I'm running Win2k >>


...and hopefully someday...


<< I sure feel good knowing that I'm running Linux [or *BSD] >>

 

[Elledan]

ScoobMaster, you should update the title since this 'feature' is also found in Win98, Win98SE and WinME.

What would hackers do without good ol' MSFT?

 

[ScoobMaster]

Elledan,

I read through the Microsoft tech bulletin and only in XP is the UPnP service installed and running BY DEFAULT. In ME one has to install it seperately, and in 98/98SE the user would have had to install the XP Internet connection sharing client.

Here is the MS assesment by OS:

What operating systems support UPnP?

* Neither Windows 98 nor Windows 98SE include a native UPnP capability. It can only be added by installing the Internet Connection Sharing client provided in Windows XP.
* Windows ME includes a native UPnP capability, but it is neither installed nor running by default.
* Neither Windows NT 4.0 nor Windows 2000 support UPnP.
* Windows XP includes a native UPnP capability. It is installed and running by default.

Link to full bulletin

In a sense you are correct, ME users and 98/98SE MIGHT be at risk (ME more probable than 98) but the real critical vulnerability is to the unsuspecting XP user who has a default install.

 

[FreeAgent]

<<<I'm shocked! How can this be possible? Microsoft told us that a closed source operating system is better than open source.>>>

Agree their....when Microsoft came out with that I couldn't believe what I was reading! That is a first.


Before when I said I heard about this a month ago I meant I managed to get the info. before it was public. I also had heard from that same source (undisclosed) that the latest firewalls equipped with the latest virus/trojan etc. deffs. are able to automatically protect you (if you have the feature). I am an anti-virus subscriber which simply means I load the latest updates on all threats everyday and read through them wich is optional. One of my three subscription services caught a similar opening and has been able to close it. Having said that I downloaded the Windows patch through Windows update early this morning. The fact that MS admitted this publically is a shock.


Cigar anyone?

 

[Elledan]

<< Elledan,

I read through the Microsoft tech bulletin and only in XP is the UPnP service installed and running BY DEFAULT. In ME one has to install it seperately, and in 98/98SE the user would have had to install the XP Internet connection sharing client.

Here is the MS assesment by OS:

What operating systems support UPnP?

* Neither Windows 98 nor Windows 98SE include a native UPnP capability. It can only be added by installing the Internet Connection Sharing client provided in Windows XP.
* Windows ME includes a native UPnP capability, but it is neither installed nor running by default.
* Neither Windows NT 4.0 nor Windows 2000 support UPnP.
* Windows XP includes a native UPnP capability. It is installed and running by default.

Link to full bulletin

In a sense you are correct, ME users and 98/98SE MIGHT be at risk (ME more probable than 98) but the real critical vulnerability is to the unsuspecting XP user who has a default install. >>


Fair enough.

 

[jonley]

<< What? Windows vulnerable?! "No!" >>