nCircle Network Security
recently announced new rules for their IP360 network security solution that
identify the recently reported vulnerabilities in Windows XP. This latest rule
set release for IP360 enables enterprises to identify systems that are
running Windows 9x, ME, or XP where the Universal Plug and Play service is
installed. The company asserts that without their software, it is difficult for
enterprises to know which computers are running this software.
The vulnerabilities, announced December 20 by Microsoft, affect all
versions of Windows XP as well as Windows 98, 98SE or ME if the Universal Plug
and Play service is installed and running, and could potentially allow for
remote buffer overflow, Denial of Service (DoS), and Distributed Denial of
Patches are available from Microsoft.
The most serious vulnerability is a buffer overrun that makes it possible for
an attacker to cause code to run in the context of the UPnP service, which runs
with System privileges on Windows XP. This would enable the attacker to gain
complete control over the system. The less serious vulnerability is a denial of
service attack that can be used either to attack a single machine, and would
slow or stop its performance, or in a distributed denial of service attack, in
which the attacker would direct multiple machines to join forces against a
different computer and swamp it with data.
nCircle makes the claim that their IP360 solution is the first product that delivers
continuous, comprehensive information about the network that enables evaluation
of security posture, proactive prevention of attacks and intelligent intrusion