Important security fix for Xp

[woody]

h**p://www.microsoft.com/Downloads/Release.asp?ReleaseID=34951


Windows XP Security Patch: Unchecked Buffer in UPnP can lead to system compromise

This update resolves the “Unchecked Buffer in Universal Plug and Play Can Lead to System Compromise” security vulnerability in Windows XP. Download now to prevent a malicious user from compromising your computer, or using it to interfere with another computer's operation. The vulnerability results because the Windows XP Universal Plug and Play feature does not correctly validate inputs before using them. The patch also eliminates the vulnerability discussed in Microsoft Security Bulletin MS01-054.

This was brought to my attention by one of the members.

Thanks Lethal!

[wildaces]

You can also read here and how to fix problem manually.

h**p://grc.com/UnPnP/UnPnP.htm

[fatboy]

Where can e find this Steve Gibson's little utility ?

Thx.

[wildaces]

Go to the link posted above.

[woody]

Pokopiko and Wild Aces are right.I applied the patch from Microsoft.I then used Shields Up to probe my ports.My computer was still vulnerable!I then used Steve Gibson's tool.I then did another port probe...everything was good!

[fatboy]

[QUOTEPokopiko and Wild Aces are right.I applied the patch from Microsoft.I then used Shields Up to probe my ports.My computer was still vulnerable!I then used Steve Gibson's tool.I then did another port probe...everything was good[/QUOTE]

I will 2nd that.

[Clooless]

I've decided not to bother with the UPnP settings. I'm behind a LinkSys router and after checking with ShieldsUp, I came up completely secure. One thing I did, which I think helps a lot, is to use the router to forward ports 137 to 139 (the ones used by NetBios) to a non-existent computer. In my case that would be ***.***.***.255 because I don't have a 255 on my network.

I do forward a couple more ports so I can access certain secure sites and run my FTP server, but I watch those pretty closely.