
Vulnerabilities of Windows XP

Brock Prince, Dana Zottola. ECE 578, Spring 2002, C.K. Koc.


Presentation Transcript


  1. Vulnerabilities of Windows XP
     Brock Prince, Dana Zottola
     ECE 578, Spring 2002, C.K. Koc

  2. Outline
     • Introduction
     • Universal Plug and Play (UPnP)
     • Unchecked Buffer
     • Denial of Service
     • Distributed Denial of Service
     • Discovery of Vulnerabilities
     • Patch
     • Conclusions

  3. Introduction
     • Universal Plug and Play is a valuable feature, and a growing trend in network systems
     • Windows XP claimed to be secure against hackers
     • 3 vulnerabilities found related to UPnP in Windows XP

  4. Universal Plug and Play (UPnP)
     • Detects and connects to:
       • Computers
       • Intelligent appliances
       • Wireless devices
     • Defines set of protocols for connection
     • Allows for easy configuration

  5. Universal Plug and Play (UPnP)
     • Example:
       • User connects laptop to:
         • Network
         • Print server
         • DSL router
         • Fax machine
         • Other computers

  6. Universal Plug and Play (UPnP)

  7. Universal Plug and Play (UPnP)
     • Six basic layers:
       • Device addressing
       • Device discovery
       • Device description
       • Action invocation
       • Event messaging
       • Presentation or human interface

  8. Remotely Exploitable Buffer
     • An attacker can gain remote SYSTEM level access to any default installation of Windows XP
     • Unchecked buffer in one of the components that handle the NOTIFY directives
     • By sending a specially malformed NOTIFY directive, an attacker can run code in the context of the UPnP subsystem, which runs with System privileges on Windows XP

  9. Denial of Service Attack
     • Denial of Service (DoS) attacks crash a system, and the user has to physically power cycle the machine to regain functionality
     • The UPnP feature of Windows XP leaves the system vulnerable to DoS attacks

  10. Distributed Denial of Service Attack
      • Distributed Denial of Service (DDoS) attacks cause many systems to flood or attack a single host
      • The UPnP and raw socket support features of Windows XP leave the system vulnerable to DDoS attacks
      • Raw Sockets (Not Related to UPnP)

  11. Discovery of Vulnerabilities
      • eEye Digital Security
        • Believe there are several security issues with the UPnP protocol
        • Found 3 vulnerabilities within Microsoft’s implementation of UPnP
        • Alerted Microsoft immediately upon discovery of the vulnerabilities

  12. Patch
      • Available soon after vulnerabilities discovered
      • Downloadable from: http://www.microsoft.com/technet/security/bulletin/MS01-059.asp

  13. Conclusions
      • UPnP is a good idea
      • Windows XP is vulnerable upon default installation, but patch is available
      • Raw socket support still under debate
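
The kind of length check that slide 8 describes as missing, shown as an added example (not code from the presentation, eEye or Microsoft): it copies one header value out of an SSDP NOTIFY message into a fixed buffer and rejects the message when the value does not fit. The helper name `ssdp_get_header`, its return codes and the sample message are assumptions; the slides do not say which NOTIFY field was mishandled, so LOCATION serves only as a sample header.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample NOTIFY announcement (not captured traffic). */
static const char SAMPLE_NOTIFY[] =
    "NOTIFY * HTTP/1.1\r\n"
    "HOST: 239.255.255.250:1900\r\n"
    "NTS: ssdp:alive\r\n"
    "LOCATION: http://192.0.2.10:5000/desc.xml\r\n\r\n";

/* Case-insensitive match of the first n bytes of line against name. */
static int name_matches(const char *line, const char *name, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)line[i]) != tolower((unsigned char)name[i]))
            return 0;
    return 1;
}

/* Hypothetical helper: copy the value of header `name` into out[out_cap].
 * Returns its length, -1 if absent, -2 if it does not fit (rejected, never truncated). */
int ssdp_get_header(const char *msg, size_t msg_len, const char *name,
                    char *out, size_t out_cap) {
    size_t nlen = strlen(name), pos = 0;
    while (pos < msg_len) {
        /* Scan one line at a time, never reading past msg_len. */
        const char *line = msg + pos, *eol = memchr(line, '\n', msg_len - pos);
        size_t llen = eol ? (size_t)(eol - line) : msg_len - pos;
        pos += llen + 1;
        if (llen > 0 && line[llen - 1] == '\r') llen--;
        if (llen <= nlen || line[nlen] != ':' || !name_matches(line, name, nlen))
            continue;
        size_t v = nlen + 1;            /* skip whitespace after the colon */
        while (v < llen && (line[v] == ' ' || line[v] == '\t')) v++;
        size_t vlen = llen - v;
        if (vlen >= out_cap) return -2; /* the check an unchecked copy omits */
        memcpy(out, line + v, vlen);
        out[vlen] = '\0';
        return (int)vlen;
    }
    return -1;
}

int main(void) {
    char loc[64];
    int n = ssdp_get_header(SAMPLE_NOTIFY, sizeof SAMPLE_NOTIFY - 1,
                            "LOCATION", loc, sizeof loc);
    printf("%d %s\n", n, n >= 0 ? loc : "(rejected)");
    return 0;
}
```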
