[Am-info] FBI Computer Security Arm Warns of Windows XP Holes

Fred A. Miller fm@cupserv.org
Wed, 26 Dec 2001 09:37:02 -0500 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FBI Computer Security Arm Warns of Windows XP Holes
By Reuters, 12/24/2001

SAN FRANCISCO (Reuters) - The FBI's National Infrastructure Protection 
Center has urged users of Microsoft's Windows XP operating system to 
disable a feature that could leave computers open to attacks from 
hackers.

In a statement issued on Saturday, the FBI's NIPC, which usually leaves 
computer security warnings to the private sector, said it held 
technical discussions with Microsoft Corp. (MSFT.O) and other industry 
experts on Friday to identify ways to minimize the risk from security 
holes in the XP software, which was launched in late October.

A Microsoft spokesman said he had no comment on Monday on the NIPC 
statement.

The software giant announced last week it had found two vulnerabilities 
in its new operating system that could leave computers running it open 
to hackers and at risk of being temporarily shut down from a 
denial-of-service attack or used in such an attack on other computers.

Under a denial-of-service attack, a server is flooded with so much 
Internet traffic that it is made inaccessible to legitimate traffic.

In addition to installing the security patch available from Microsoft's 
Website, computer users running Windows XP should disable the 
''Universal Plug and Play'' feature, if they are not using it, the NIPC 
said in its statement.

Microsoft's Universal Plug and Play software allows devices added to a 
network to be automatically recognized and accessed. It is installed by 
default on XP systems, can be switched on in Windows ME systems and 
installed separately on the Windows 98 operating systems.

Microsoft and security experts have warned that hackers could take 
advantage of the feature to gain access to otherwise secure systems by 
overwhelming computers with data flow, a common method used by hackers.

The way that the software recognizes new machines on a network could 
also be exploited by hackers to spoof their way into a system and take 
control in order to launch a denial of service attack, the company and 
experts said.

The NIPC has issued warnings since Sept. 11 for network administrators 
to be on alert for possible distributed denial-of-service attacks, 
which could interfere with e-commerce and slow-down the Internet if 
serious enough.

Microsoft has said that Windows XP is its most secure operating system 
ever.

Microsoft has shipped at least 650,000 copies of XP since it was 
launched Oct. 25, not including units that ship with new PCs, according 
to marker researcher NPD Intellect.

<http://digitalmass.boston.com/news/wire_story.html?uri=3D/dailynews/358/technology/FBI_Computer_Security_Arm_Warn:.shtml>
- -- 
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8KeCOIhTtc6nTZIIRAkR+AJ9A0Z6PJdGuzYX8u25V4fYLwTQrDwCdFjjw
xsBCSU+wJ3pcXGGnyf5yghw=
=KS0n
-----END PGP SIGNATURE-----