Windows XP bug alert! Universal Plug and Play has a major vulnerability!
This question was answered on December 27, 2001. Much of the information contained herein may have changed since posting.
Microsoft has released a patch for a serious vulnerability that has been discovered in Windows XP.
Microsoft is recommending that every Windows XP customer apply the patch immediately Customers using Windows 98, Windows 98 Second Edition and Windows ME with the "Universal Plug and Play" (UPnP) service up and running should also apply the patch
UPnP is Microsoft software that uses Internet protocols to allow devices such as computers, scanners and printers to automatically discover one another so they can communicate Microsoft said an attacker who exploited the hole could take over computers on such a network Depending on the skills of the attackers, they could take complete control of the PC--such as viewing or deleting files--or launch "denial-of-service" attacks, which flood a person's PC with data, crippling it
Windows XP comes with the UPnP feature turned on, so every XP user needs the patch.
You can get the patches and the technical information at:<a href="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-059.asp" target="_blank"><font color="#003399">>http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-059.asp</b></font></a>
About the author
Posted by Ken Colburn of Data Doctors on December 27, 2001