Windows XP security alert revised by FBI agency
Computerworld -
The FBI's National Infrastructure Protection Center (NIPC) has revised its recent security bulletin regarding Windows XP's Universal Plug and Play (UPnP) service.
On Christmas Eve, the NIPC issued a bulletin advising Windows XP users to consider turning off the UPnP service to close a security hole that could allow hackers to break into a user's computer (see story). That recommendation followed the posting of a patch by Microsoft Corp. on its Web site (see story).
Now, in an updated security bulletin, the NIPC has dropped the recommendation to disable UPnP. Instead, the Washington-based agency is recommending that the Microsoft patch be installed to correct the security vulnerability.
Marty Lindner, a team leader at the CERT Coordination Center at Carnegie Mellon University in Pittsburgh, said the original NIPC alert was updated after better information became available about the problem. Because of the Christmas and New Year's holidays, security experts weren't able to fully explore solutions to the problem at that time, he said.
"The quality of the information and the time to analyze it was short, so they put out the best information they could," Lindner said.
The security vulnerability was a buffer overflow that could allow distributed denial-of-service attacks and other intrusions, according to the NIPC. The problem also could affect Windows 98, 98SE and ME, which use the UPnP service.
The UPnP service allows PCs to discover and use various network-based devices such as printers. Windows XP has native UPnP capability, which runs by default on the system. Windows ME also includes native UPnP capability, but it doesn't run by default. With Windows 98 and 98SE, UPnP must be installed via the Internet Connection Sharing client that ships with Windows XP.
Originally, the NIPC believed that the buffer overflow problem was in UPnP itself, Lindner said. The problem was later found to be in one of the protocol services that implement the UPnP service.
Alfred Huger, vice president of engineering at SecurityFocus, an IT security firm in San Mateo, Calif., said that the NIPC "made a mistake in their fix" for the problem in its first bulletin. "The about-face was actually a correction," he added.
Charles Kolodgy, an analyst at IDC in Framingham, Mass., said the updated bulletin from the NIPC may not end the discussion about the vulnerability.
"The bad part is it kind of makes it a little confusing for what users should do," he said.
Related stories:
- Windows XP sells less than Windows 98 after two months, Dec. 19, 2001
- Microsoft's XP copy-protection not foolproof, Nov. 1, 2001
- Windows XP: Is it safe?, Oct. 22, 2001
Read more about security in Computerworld's Security Knowledge Center.
Security
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Death to PST Files
Download Now
The Tangled Web: Silent Threats & Invisible Enemies
Download Now
Tape Killed the IT Guy
Watch Now
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
BRM: What You Can Do To Reduce Risk In Challenging Times
Watch this webcast now!
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".
eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...

