Since Exchange doesn't run on any of these operating systems, is it really relevant, Joe?

> -----Original Message-----
> From: Joe User [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, November 01, 2001 9:19 PM
> To: Exchange Discussions
> Subject: Security: Interesting DoS vs. 98, ME & XP Microsoft Security Bulletin MS01-054
> Importance: High
>
> Another vote for Win2K superiority? *shrug*
>
> ----------------------------------------------------------------------
> Title:      Invalid Universal Plug and Play Request can Disrupt
>             System Operation
> Date:       01 November 2001
> Software:   Windows 98, Windows ME, Windows XP
> Impact:     Denial of Service
> Bulletin:   MS01-054
>
> Microsoft encourages customers to review the Security
> Bulletin at:
> http://www.microsoft.com/technet/security/bulletin/MS01-054.asp.
> ----------------------------------------------------------------------
>
> Issue:
> ======
> The Universal Plug and Play (UPnP) service allows computers
> to discover and use network-based devices. Windows ME and XP
> include native UPnP services; Windows 98 and 98SE do not
> include a native UPnP service, but one can be installed via
> the Internet Connection Sharing client that ships with Windows XP.
>
> A vulnerability results because the UPnP service does not
> correctly handle certain types of invalid UPnP requests. On
> Windows 98, 98SE, and ME systems, receiving such a request
> could cause a variety of effects ranging from slow
> performance to system failure. On Windows XP, the effect is
> less serious as the flaw consists of a memory leak. Each time
> a Windows XP system received such a request, a small amount
> of system memory would become unavailable;
> if repeated many times, it could deplete system resources to
> the point where performance slowed or stopped altogether.
>
> Mitigating Factors:
> ====================
>
> - Standard firewalling practices (specifically, blocking ports 1900
>   and 5000) could be used to protect corporate networks from
>   Internet-based attacks.
>
> - On Windows 98 and 98SE, there is no native UPnP support for these
>   systems. Windows 98 and 98SE systems would only be affected if
>   the Internet Connection Sharing Client from Windows XP had been
>   installed on the system.
>
> - On Windows ME, UPnP support is neither installed nor running by
>   default. (However, some OEMs do configure pre-built systems
>   with the service installed and running).
>
> - On Windows XP, the Internet Connection Firewall, which runs
>   by default, would impede an attacker's ability to locate and
>   attack the system.
>
> Patch Availability:
> ===================
> - A patch is available to fix this vulnerability. Please read the
>   Security Bulletin at
>   http://www.microsoft.com/technet/security/bulletin/ms01-054.asp
>   for information on obtaining this patch.
>
> Acknowledgment:
> ===============
> - 'Ken' from FTU ([EMAIL PROTECTED])
>
> ---------------------------------------------------------------------
>
> FYI.
>
> _________________________________________________________________
> List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> Archives:               http://www.swynk.com/sitesearch/search.asp
> To unsubscribe:         mailto:[EMAIL PROTECTED]
> Exchange List admin:    [EMAIL PROTECTED]

