Vulnerabilities of Windows XP
Brock Prince, Dana Zottola
ECE 578, Spring 2002
C.K. Koc

Outline
• Introduction
• Universal Plug and Play (UPnP)
• Unchecked Buffer
• Denial of Service
• Distributed Denial of Service
• Discovery of Vulnerabilities
• Patch
• Conclusions

Introduction
• Universal Plug and Play is a valuable feature, and a growing trend in network systems
• Windows XP claimed to be secure against hackers
• 3 vulnerabilities found related to UPnP in Windows XP

Universal Plug and Play (UPnP)
• Detects and connects to:
  • Computers
  • Intelligent appliances
  • Wireless devices
• Defines set of protocols for connection
• Allows for easy configuration

Universal Plug and Play (UPnP)
• Example:
  • User connects laptop to:
    • Network
    • Print server
    • DSL router
    • Fax machine
    • Other computers

Universal Plug and Play (UPnP)
• Six basic layers:
  • Device addressing
  • Device discovery
  • Device description
  • Action invocation
  • Event messaging
  • Presentation or human interface

Remotely Exploitable Buffer
• An attacker can gain remote SYSTEM-level access to any default installation of Windows XP
• Unchecked buffer in one of the components that handle the NOTIFY directives
• By sending a specially malformed NOTIFY directive, an attacker can run code in the context of the UPnP subsystem, which runs with SYSTEM privileges on Windows XP
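
The unchecked-buffer bug class named on this slide, shown as an added example (not code from the presentation or from Microsoft): a header parser for a NOTIFY message that copies a value only after comparing its length with the destination buffer, next to the unchecked pattern it replaces. The slide does not say which field was affected; the function names, the LOCATION header used in the sample, and the sample datagram are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

enum { HDR_OK = 0, HDR_MISSING = -1, HDR_TOO_LONG = -2 };

/* Constructed sample datagram (addresses are documentation values). */
static const char SAMPLE_NOTIFY[] =
    "NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nNT: upnp:rootdevice\r\n"
    "NTS: ssdp:alive\r\nLOCATION: http://192.0.2.10:80/desc.xml\r\n\r\n";

/* Unchecked pattern, for contrast only: the length comes from the message,
 * and nothing compares it with the size of the destination buffer. */
void copy_value_unchecked(char *out, const char *val, size_t val_len) {
    memcpy(out, val, val_len);
    out[val_len] = '\0';
}

/* Case-insensitive test for "<name>:" at the start of an n-byte line. */
static int name_matches(const char *p, size_t n, const char *name) {
    size_t k = strlen(name);
    if (n < k + 1 || p[k] != ':') return 0;
    for (size_t i = 0; i < k; i++)
        if (tolower((unsigned char)p[i]) != tolower((unsigned char)name[i])) return 0;
    return 1;
}

/* Checked version: find header `name` in a length-delimited datagram and copy
 * its trimmed value into out[out_cap]; oversized values are rejected. */
int get_header(const char *msg, size_t len, const char *name, char *out, size_t out_cap) {
    size_t pos = 0, k = strlen(name);
    while (pos < len) {
        const char *line = msg + pos;
        const char *eol = memchr(line, '\n', len - pos);
        size_t line_len = eol ? (size_t)(eol - line) : len - pos;
        if (name_matches(line, line_len, name)) {
            const char *v = line + k + 1;
            size_t v_len = line_len - k - 1;
            while (v_len && (*v == ' ' || *v == '\t')) { v++; v_len--; }
            while (v_len && (v[v_len - 1] == '\r' || v[v_len - 1] == ' ')) v_len--;
            if (v_len >= out_cap) return HDR_TOO_LONG; /* also covers out_cap == 0 */
            memcpy(out, v, v_len);
            out[v_len] = '\0';
            return HDR_OK;
        }
        pos += line_len + 1;
    }
    return HDR_MISSING;
}
```

Rejecting the oversized value, rather than truncating it, keeps a malformed directive from being processed further with a partial field.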

Denial of Service Attack
• Denial of Service (DoS) attacks crash a system, and the user has to physically power cycle the machine to regain functionality
• The UPnP feature of Windows XP leaves the system vulnerable to DoS attacks

Distributed Denial of Service Attack
• Distributed Denial of Service (DDoS) attacks cause many systems to flood or attack a single host
• The UPnP and raw socket support features of Windows XP leave the system vulnerable to DDoS attacks
• Raw Sockets (Not Related to UPnP)

Discovery of Vulnerabilities
• eEye Digital Security
  • Believe there are several security issues with the UPnP protocol
  • Found 3 vulnerabilities within Microsoft’s implementation of UPnP
  • Alerted Microsoft immediately upon discovery of the vulnerabilities

Patch
• Available soon after vulnerabilities discovered
• Downloadable from: http://www.microsoft.com/technet/security/bulletin/MS01-059.asp

Conclusions
• UPnP is a good idea
• Windows XP is vulnerable upon default installation, but patch is available
• Raw socket support still under debate