A trio of flaws in the Universal Plug and Play (UPnP) service, which allows for automatic hardware detection in a network environment, can offer up total ownership of your machine to a malicious third party, Microsoft warns.

First up, and by far the most serious, an unchecked buffer in a component handling NOTIFY directives affecting Win 98 and ME, and XP, the most secure Windows ever produced. By sending a malicious NOTIFY directive, an attacker can run code in the UPnP service, which runs with System privileges on XP and at the OS level on 98 and ME. This would enable the attacker to own the system.



Full article: http://www.theregister.co.uk/content/4/23480.html

yep, good call on this post.

_EVERYONE_ should patch their systems.

-davidu

"US Defense Department and FBI officials contacted Microsoft on Friday to express their concern over the recently-disclosed security bugs affecting all versions of Windows, the Associated Press reports.

The Feds were particularly concerned that the bug gives up root on Win-XP, ironically touted as the most secure Windows OS ever developed, the wire service says.

Additionally, the Feds sought assurance that the patches MS has issued are adequate to bung the holes without causing problems for the machines they're installed on...."


Entire article: http://www.theregister.co.uk/content/4/23495.html

"... The federal government and technology industry want you to believe the threats to our networks are external, not internal, where someone must be held accountable when things go wrong. Thus, we hear the rhetoric about cyber terrorists, hackers, and the so-called 'Digital Pearl Harbor' - things you can't easily point fingers at and hold someone accountable for when bad things happen. The White House would be wise to look at our nation's own self-induced vulnerabilities before rushing to spin up a sinister external threat; absent the rich target of opportunity presented by nearly all Microsoft products, hackers, crackers, and electronic evildoers would have a much harder time causing mainstream mischief every other week.

Windows XP was promoted by Microsoft as perhaps the ultimate and most secured Windows operating system the firm had ever created, and one of its key features was increased security from electronic evildoers like hackers, crackers, and so-called cyber terrorists. In fact, in a recent interview with E-Week, Microsoft Vice President Jim Allchin said that Windows XP is "...dramatically more secure than Windows 2000 or any of the prior systems." Released on October 25, it was to be the default operating system on all new personal computers sold, and its release was timed to coincide with new PC sales for the 2001 holiday season. ... "

(written by Richard Forno, the Chief Technology Officer for a Dulles, Virginia firm providing information assurance support to the national security and intelligence communities.)

Entire article: http://www.theregister.co.uk/content/4/23496.html