Slashdot Mirror

← Back to Stories (view on slashdot.org)

WinXP Security Flaw

Posted by ryuzaki0 on from the can-root-my-dad's-new-laptop dept.

Many readers have submitted word of the newest security hole in Windows XP. joshjs, for instance, writes: "Don't know if this is common knowledge at this point or not, but apparently some security researchers discovered that Windows XP's universal plug and play features contain a huge security flaw: 'A Microsoft official acknowledged that the risk to consumers was unprecedented because the glitches allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet. ... Microsoft made available on its Web site a free fix for both home and professional editions of Windows XP and forcefully urged consumers to install it immediately.' Read more at the Washington Post's story." No OS is perfectly secure, but I bet a lot of new XP owners won't be too happy about this. Update: 12/20 20:05 GMT by T : fcrick submits a link to the same AP story at Wired, and several readers have pointed out that a patch is available. Update: 12/20 21:31 GMT by T : And as banuaba writes: "This hole also affects versions of 98 with XP File sharing installed and all versions of ME."

3 of 628 comments (clear)

  1. Technically true? by sterno · · Score: 5, Interesting

    Well technically this is probably true. There have been compromises of IIS, MSSQL, and other Microsoft products but the OS itself hasn't been vunerable to such attacks until now.

    Now granted, IIS comes with Windows so, is that really a seperate component? Also, by the same logic, Linux has never been exploited either has it? I mean, does Linux run any network daemons on it's own? No. So Linux, itself is bulletproof, it's just all those other things you put on top of it that can cause problems.

    I just find it amusing how Microsoft keeps changing where they want to split their hairs when distinguishing between the OS and the applications. IE is part of the OS until it gets compromised and then suddenly it's a seperate application.

    --
    This sig has been temporarily disconnected or is no longer in service
  2. priorities by poemofatic · · Score: 5, Interesting

    This is for those who are sympathetic to the MS responsible reporting policies:

    The flaw, discovered five weeks ago threatened to undermine widespread adoption of Microsoft's latest windows software...

    The company sold 25 million copies of Windows XP in the two weeks after it hit stores Oct. 25...

    The company released a free fix thursday.

    So beyond consideration that MS delay releasing XP until this hole is fixed. The best thing to do is keep it secret (responsible reporting) until they get around to writing the patch sometime. In fact, the biggest threat here is that it will "undermine the adoption" of XP -- i.e. they might not sell as many copies if people know there is a huge hole in the OS. No mention of threat to users, etc.

    For reference, look at the motorola exploit in the jargon file.

    I wonder how many times this has to happen before people are convinced that making bugs available and publicly releasing exploit code is the only way that the big vendors will make security a top priority.

    --

    When in doubt, have a man come through a door with a gun in his hand.

  3. Plug & Play port 5000 by MillionthMonkey · · Score: 5, Interesting

    We ran into this several months ago when we were testing some server software that we wrote. We were using port 5000 as a default. As soon as XP came out, we tested the software on it and found that we could not bind a server to port 5000 at all because it was taken. So naturally, we wondered, what in XP is listening on port 5000?
    Turns out that Microsoft picked the same port for its Plug and Play architecture, which listens on it for a connection coming (presumably) through the local TCP/IP stack. The protocol is XML (maybe SOAP, can't remember). You can receive and send configuration information by using that port (the schema is somewhere on microsoft.com) and it occurred to me even then that this looked like a potential security hole. But, I thought, this is too blatantly obvious and surely Microsoft is not so stupid as to allow access to the PnP internals from nonlocal IPs. Right? So we simply moved our software's default port setting to another port and forgot about it.

    Predictions:
    The scandal will flow off MS in a day or two, like water off a duck's back.
    The downloadable security patch will be bundled with the latest updates to Microsoft's digital rights management crap.
    Every script kiddie will have a tool within the week that scans IP ranges on port 5000 in search of the machines that have remained unpatched.
    The guy who publicized the flaw will be tried in a secret military tribunal as a cyberterrorist.