Windows Family Security Vulnerabilities Roundup (Illustrated) _ Vulnerability Research

Source: Internet
Author: User
The WinXP system is more stable and secure than ever, but it still has a variety of security vulnerabilities. If we ignore them, hackers on the Internet get their chance: they can easily steal your trade secrets or destroy your important information, and the loss can be huge! How do you keep your Windows safe? A good approach is to download Windows security patches and update the system frequently, plugging security vulnerabilities as often as you upgrade your antivirus software. Let's take a look at the security vulnerabilities of the Windows family and how to plug them.

First, WinXP security vulnerabilities

1. Fast User Switching vulnerability

Windows XP's Fast User Switching feature has a vulnerability: when you click Start/Log Off/Switch User to start Fast User Switching and then retry logging in a username with the traditional login method, the system mistakes this for a brute-force guessing attack and therefore locks all non-administrator accounts.

Security countermeasures: Click Control Panel/User Accounts/Change the way users log on or off, and clear "Use Fast User Switching" (Figure I) to disable Fast User Switching.


Figure I

2. UPnP service vulnerabilities

UPnP (Universal Plug and Play) is a service that allows a host to locate and use devices on the LAN. It uses the IP protocol to let computers, scanners, printers, digital cameras and other devices automatically find each other and communicate. With UPnP, a network device can find other devices connected to the same network, much as Plug and Play automatically finds new hardware after it is installed.

UPnP is a relatively advanced technology and is already included in Windows XP. That is a good thing, but it also causes trouble, because UPnP brings security vulnerabilities with it. Hackers can exploit them to gain full control over other PCs or to launch DoS attacks. An attacker who knows a PC's IP address can control it over the Internet, and on the same network the attacker does not even need to know the PC's IP address. Specifically, the UPnP service has the following two security vulnerabilities:

(1) Buffer overflow vulnerability

UPnP has a buffer overflow problem: when it processes the Location field in a NOTIFY command, a buffer overflow occurs if the IP address, port, and filename portions are too long, overwriting part of the server process and the contents of its memory space. This vulnerability was discovered and reported to Microsoft by eEye Digital Security, and is the most serious buffer overflow vulnerability in Windows history. Because the UPnP service runs in the System context, exploiting it lets a hacker carry out DoS attacks, and a highly skilled hacker can even take over the user's computer and view or delete files. More seriously, the server program listens on broadcast and multicast interfaces, so an attacker can attack multiple machines at the same time without knowing the IP address of any single host.

Security countermeasures: Because UPnP (Universal Plug and Play) is turned on by default in Windows XP, all WinXP users should install the patch immediately. WinME users need the patch only if they are running UPnP, because the UPnP feature of Windows ME is turned off at install time. As for Win98, which has no UPnP, the patch is needed only if the user installed UPnP themselves. The patch can be downloaded from Microsoft's website.

(2) UDP and UDP spoofing

A system running the UPnP service is also easy to attack: it is enough to send a UDP packet to port 1900 of the system in which the address in the "LOCATION" field points to the Chargen port of another system. This can put the system into an endless connection loop, driving its CPU to 100% so that it cannot provide normal service. In addition, an attacker who sends a spoofed UDP message to a network with many XP hosts may also be able to force those XP hosts to attack a specified host.

Security countermeasures: Click Control Panel/Administrative Tools/Services, double-click the Universal Plug and Play Device Host service, and select Disabled as the startup type (Figure II) to turn off the UPnP service.


Figure II

If you do not want to disable the UPnP service to plug these vulnerabilities, you can download the corresponding patches from Microsoft's website, or set up a firewall to block packets from outside the network from reaching port 1900.
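
A detection-side sketch of the two UPnP issues above, added here as an example and not part of the original article: it parses SSDP NOTIFY datagrams seen on UDP port 1900 and flags LOCATION values that are oversized, point at the Chargen port (19), or name a host other than the sender. The length limits, finding names, helper names and sample addresses are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Assumed limits: the article only says "too long", so these are illustrative.
MAX_HOST_LEN = 255
MAX_PATH_LEN = 256
CHARGEN_PORT = 19  # character generator service named in the article


def parse_ssdp(raw: bytes):
    """Split an SSDP datagram into (start_line, {lowercased header: value})."""
    lines = raw.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        if not line:          # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def check_notify(raw: bytes, src_ip: str):
    """Return findings for one datagram received on UDP port 1900."""
    start, headers = parse_ssdp(raw)
    loc = headers.get("location")
    if not start.upper().startswith("NOTIFY ") or loc is None:
        return []
    try:
        url = urlsplit(loc)
        host, port = url.hostname or "", url.port   # .port validates 0-65535
    except ValueError:
        return ["malformed-location"]
    checks = [
        ("oversized-host", len(host) > MAX_HOST_LEN),
        ("oversized-path", len(url.path) > MAX_PATH_LEN),
        ("chargen-port", port == CHARGEN_PORT),
        # heuristic: a device normally advertises a URL on its own address
        ("host-differs-from-sender", host != src_ip),
    ]
    return [name for name, hit in checks if hit]


def notify(location: str) -> bytes:
    # Builds a constructed sample datagram in memory; nothing is sent.
    return ("NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            "NT: upnp:rootdevice\r\nNTS: ssdp:alive\r\n"
            f"LOCATION: {location}\r\n\r\n").encode("latin-1")

# Constructed samples (documentation address ranges), not captured traffic.
BENIGN = notify("http://192.0.2.10:5000/desc.xml")
LONG_PATH = notify("http://192.0.2.11:5000/" + "A" * 400)
REDIRECT = notify("http://198.51.100.7:19/")
```

The sender-mismatch check is a heuristic and can fire on multi-homed devices, so treat it as a signal to review rather than a verdict.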

3. Logout vulnerability

The hotkey feature is one of the WinXP system services. Once a user logs on to WinXP, the hotkey function starts, and you can use the system default hotkeys or set your own. If your computer has no screen saver and password set and you leave it for a while, WinXP will very cleverly log off automatically. But this "logoff" is not a real logoff: all background programs are still running (the hotkey feature is not shut down), so although other people cannot get into your desktop or see what is on your computer, they can still use hotkeys.

If someone at your machine then uses a hotkey to start network-related sensitive programs (or services), delete important files, or do other bad things, the consequences are quite serious! That is how this loophole arises. I hope Microsoft releases a patch soon so that the hotkey service is also stopped when WinXP "self-logs off".

Security countermeasures: When you leave the computer, press the Windows key + L to lock it, or enable the screen saver and set a password, or check for hotkeys assigned to programs and services that could be harmful and remove them.

4. Remote Desktop vulnerability

When a network connection is established, WinXP Remote Desktop sends the username in clear text to the client connecting to it. The username sent may be that of the remote host or the one commonly used by the client, and a sniffer on the network can capture this account information.

Security countermeasures: Click Control Panel/System/Remote and clear "Allow users to connect remotely to this computer" to stop Remote Desktop.

5. Help and Support Center vulnerability

The Windows XP Help and Support Center feature has a flaw: when the user is connected to the Internet, hackers can exploit security flaws in the code that sends new-hardware data to Microsoft. Through a link in a web page or HTML-formatted e-mail, they can remotely access a machine that has this flaw and open or delete files on it.

Security countermeasures: Fix the problem by installing the patch from Microsoft's website, or by installing the Microsoft-issued Windows XP SP1, which can be downloaded or purchased from Microsoft's website.
