Vulnerabilities of Windows XP
Brock Prince
Dana Zottola
ECE 578 Spring 2002
C.K. Koc
Outline
Introduction
Universal Plug and Play (UPnP)
Unchecked Buffer
Denial of Service
Distributed Denial of Service
Discovery of Vulnerabilities
Patch
Conclusions
Introduction
Universal Plug and Play is a valuable feature, and a growing trend in network systems
Windows XP claimed to be secure against hackers
3 vulnerabilities found related to UPnP in Windows XP
Universal Plug and Play (UPnP)
Detects and connects to:
Computers
Intelligent appliances
Wireless devices
Defines set of protocols for connection
Allows for easy configuration
Universal Plug and Play (UPnP)
Example:
User connects laptop to:
Network
Print server
DSL router
Fax machine
Other computers
Universal Plug and Play (UPnP)
Six basic layers:
Device addressing
Device discovery
Device description
Action invocation
Event messaging
Presentation or human interface
Remotely Exploitable Buffer
An attacker can gain remote SYSTEM-level access to any default installation of Windows XP
Unchecked buffer in one of the components that handle the NOTIFY directives
By sending a specially malformed NOTIFY directive, an attacker can run code in the context of the UPnP subsystem, which runs with SYSTEM privileges on Windows XP
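The defensive counterpart to the unchecked buffer described above, as an added example that is not taken from the slides or from Microsoft's code: a length-checked lookup of one header in a NOTIFY datagram. The slides do not say which field was unchecked, so the function name, return codes, LOCATION header and sample datagram are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Return codes (hypothetical names, for this example only). */
enum { SSDP_OK = 0, SSDP_NOT_FOUND = -1, SSDP_TOO_LONG = -2, SSDP_MALFORMED = -3 };

/* Constructed sample datagram (not captured traffic). */
static const char SAMPLE[] =
    "NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
    "NTS: ssdp:alive\r\nLOCATION: http://192.0.2.10:5000/desc.xml\r\n\r\n";

/* Case-insensitive match of a header name against n bytes of the datagram. */
static int name_eq(const char *p, size_t n, const char *name) {
    if (strlen(name) != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)p[i]) != tolower((unsigned char)name[i])) return 0;
    return 1;
}

/* Copy the value of header `name` from a NOTIFY datagram of msg_len bytes
 * into out[out_cap]. The datagram is never assumed to be NUL-terminated and
 * the value length is checked against out_cap before any copy. */
int ssdp_header(const char *msg, size_t msg_len, const char *name,
                char *out, size_t out_cap) {
    static const char start[] = "NOTIFY * HTTP/1.1\r\n";
    size_t pos = sizeof start - 1;
    if (out_cap == 0 || msg_len < pos || memcmp(msg, start, pos) != 0)
        return SSDP_MALFORMED;
    while (pos < msg_len) {
        size_t eol = pos;  /* find CRLF without reading past msg_len */
        while (eol + 1 < msg_len && !(msg[eol] == '\r' && msg[eol + 1] == '\n')) eol++;
        if (eol + 1 >= msg_len) return SSDP_MALFORMED;  /* unterminated line */
        if (eol == pos) return SSDP_NOT_FOUND;          /* blank line ends headers */
        const char *colon = memchr(msg + pos, ':', eol - pos);
        if (!colon) return SSDP_MALFORMED;
        if (name_eq(msg + pos, (size_t)(colon - (msg + pos)), name)) {
            const char *v = colon + 1;
            while (v < msg + eol && (*v == ' ' || *v == '\t')) v++;
            size_t vlen = (size_t)(msg + eol - v);
            if (vlen >= out_cap) return SSDP_TOO_LONG;  /* reject, never overflow */
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return SSDP_OK;
        }
        pos = eol + 2;
    }
    return SSDP_NOT_FOUND;
}
```

An oversized value is rejected with SSDP_TOO_LONG rather than copied or silently truncated, so a service running with SYSTEM privileges never writes past the destination buffer.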
Denial of Service Attack
Denial of Service (DoS) attacks crash a system, and the user has to physically power cycle the machine to regain functionality
The UPnP feature of Windows XP leaves the system vulnerable to DoS attacks
Distributed Denial of Service Attack
Distributed Denial of Service (DDoS) attacks cause many systems to flood or attack a single host
The UPnP and raw socket support features of Windows XP leave the system vulnerable to DDoS attacks
Raw Sockets (Not Related to UPnP)
Discovery of Vulnerabilities
eEye Digital Security
Believes there are several security issues with the UPnP protocol
Found 3 vulnerabilities within Microsoft’s implementation of UPnP
Alerted Microsoft immediately upon discovery of the vulnerabilities
Patch
Available soon after the vulnerabilities were discovered
Downloadable from:
http://www.microsoft.com/technet/security/bulletin/MS01-059.asp
Conclusions
UPnP is a good idea
Windows XP is vulnerable upon default installation, but patch is available
Raw socket support still under debate