Transcript Vulnerabilities of Windows XP

Vulnerabilities of
Windows XP
Brock Prince
Dana Zottola
ECE 578 Spring 2002
C.K. Koc
Outline


Introduction
Universal Plug and Play (UPnP)
 Unchecked
Buffer
 Denial of Service
 Distributed Denial of Service



Discovery of Vulnerabilities
Patch
Conclusions
Introduction
Universal Plug and Play is a valuable
feature, and a growing trend in network
systems
 Windows XP claimed to be secure against
hackers
 3 Vulnerabilities found related to UPnP in
Windows XP

Universal Plug and Play (UPnP)

Detects and connects to:
 Computers
 Intelligent
appliances
 Wireless devices

Defines set of protocols for connection
 Allows
for easy configuration
Universal Plug and Play (UPnP)

Example:
 User

connects laptop to:
Network
 Print server
 DSL router
 Fax machine
 Other computers
Universal Plug and Play (UPnP)
Universal Plug and Play (UPnP)

Six basic layers:
 Device
addressing
 Device discovery
 Device description
 Action invocation
 Event messaging
 Presentation or human interface
Remotely Exploitable Buffer


An attacker can gain remote SYSTEM level
access to any default installation of Windows XP
Unchecked buffer in one of the components that
handle the NOTIFY directives
 Send
a specially malformed NOTIFY directive, and it
is possible for an attacker to run code in the context of
the UPnP subsystem, which runs with System
priviledges on Windows XP.
Denial of Service Attack
Denial of Service (DoS) attacks crash a
system, and the user has to physically
power cycle the machine to regain
functionality
 The UPnP feature of Windows XP leaves
the system vulnerable to DoS attacks

Distributed Denial of Service Attack
Distributed Denial of Service (DDoS)
attacks cause many systems to flood or
attack a single host.
 The UPnP and raw socket support
features of Windows XP leave the system
vulnerable to DDoS attacks
 Raw Sockets (Not Related to UPnP)

Discovery of Vulnerabilities

eEye Digital Security
 Believe
there are several security issues with
the UPnP protocol
 Found 3 vulnerabilities within Microsoft’s
implementation of UPnP
 Alerted Microsoft immediately upon discovery
of the vulnerabilities
Patch
Available soon after vulnerabilities
discovered
 Downloadable from:

http://www.microsoft.com/technet/security/bulleti
n/MS01-059.asp
Conclusions
UPnP is a good idea
 Windows XP is vulnerable upon default
installation, but patch is available
 Raw socket support still under debate

References










[1] http://www.microsoft.com/Downloads/Release.asp?ReleaseID=34951
[2] http://www.microsoft.com/technet/security/bulletin/ms01-059.asp
[3] http://www.eeye.com/html/press/PR20011220.html
[4] http://www.eeye.com/html/Research/Advisories/AD20011220.html
[5] http://special.northernlight.com/windowsxp/security_flaw.htm#doc
[6] http://grc.com/dos/xpsummary.htm
[7] http://special.northernlight.com/windowsxp/pentagon.htm#doc
[8] http://www.nwfusion.com/news/2001/1015threatxp.html
[9] http://www.irchelp.org/irchelp/nuke/
[10] http://www.cnet.com/software/0-6688749-8-7004399-6.html