news.cnet.com/news/0-1003-200-8244349.html?tag=mn_hd -> news.com.com/2100-1001-277291.html?legacy=cnet&tag=mn_hd
Microsoft is recommending that every Windows XP customer apply the patch immediately. Customers using Windows 98, Windows 98 Second Edition and Windows ME with the "Universal Plug and Play" (UPnP) service up and running should also use the patch, the company said. Microsoft said an attacker who exploited the hole could take over computers on such a network. Depending on the skills of the attackers, they could take complete control of the PC--such as viewing or deleting files--or launch "denial-of-service" attacks, which flood a person's PC with data, crippling it. Windows users can 29 download the patch from Microsoft's Web site. A Microsoft executive said Windows XP comes with the UPnP feature turned on, so every XP user needs the patch. People running Windows XP need to put the patch on right away," said Scott Culp, manager of Microsoft's Security Response Center. Culp said users of Windows ME or Windows 98 only need the patch if they are running UPnP. Windows ME was released with UPnP built in, but the feature is turned off when customers install that operating system. Windows 98 doesn't have UPnP built in, so users of the OS don't need the patch unless they have installed UPnP separately, he added. UPnP is networking software that is slowly beginning to catch on among tech companies and computer users. Printer makers, for example, have begun supporting it so that printers can easily connect to PCs on a network. UPnP is Microsoft's vision of allowing computers, printers and other peripherals to automatically find one another and communicate without consumers having to configure the computers. With everything connected, people in the house could videoconference or play multiplayer video games, for example. Someone who knows the Internet Protocol (IP) address of a specific PC can gain control of the computer through the Internet if the network doesn't have firewall security installed. Most corporations and many consumers, however, have firewalls installed to block these types of break-ins, he said. More seriously, hackers who are inside the network can take over a PC without needing to know the PC's IP address. That's the case with cable Internet access, where people in the neighborhood share the same cable network, Culp said. Although describing the flaws as "the worst default security vulnerability in Windows ever," Maiffret credited the company for working quickly and intelligently to stem possible damage. But he said the buffer overflow flaw was so technically complex that attacks based on it were unlikely to become widespread. Get Up to Speed 42 Enterprise Security 43 Open source 44 Utility Computing 45 VoIP 46 Web services 47 Wi-fi 48 Spam: Report Card 2004 ZDNet's Dan Farber and NetsEdge Research Group's Peter Christy look at the latest weapons used to fight spam.
|