Vulnerabilities of Windows XP

1
Vulnerabilities of Windows XP

• Brock Prince
• Dana Zottola
• ECE 578 Spring 2002
• C.K. Koc

2
Outline

• Introduction
• Universal Plug and Play (UPnP)
• Unchecked Buffer
• Denial of Service
• Distributed Denial of Service
• Discovery of Vulnerabilities
• Patch
• Conclusions

3
Introduction

• Universal Plug and Play is a valuable feature,
  and a growing trend in network systems
• Windows XP claimed to be secure against hackers
• 3 Vulnerabilities found related to UPnP in
  Windows XP

4
Universal Plug and Play (UPnP)

• Detects and connects to
• Computers
• Intelligent appliances
• Wireless devices
• Defines set of protocols for connection
• Allows for easy configuration

5
Universal Plug and Play (UPnP)

• Example
• User connects laptop to
• Network
• Print server
• DSL router
• Fax machine
• Other computers

6
Universal Plug and Play (UPnP)
7
Universal Plug and Play (UPnP)

• Six basic layers
• Device addressing
• Device discovery
• Device description
• Action invocation
• Event messaging
• Presentation or human interface

8
Remotely Exploitable Buffer

• An attacker can gain remote SYSTEM level access
  to any default installation of Windows XP
• Unchecked buffer in one of the components that
  handle the NOTIFY directives
• Send a specially malformed NOTIFY directive, and
  it is possible for an attacker to run code in the
  context of the UPnP subsystem, which runs with
  System priviledges on Windows XP.

9
Denial of Service Attack

• Denial of Service (DoS) attacks crash a system,
  and the user has to physically power cycle the
  machine to regain functionality
• The UPnP feature of Windows XP leaves the system
  vulnerable to DoS attacks

10
Distributed Denial of Service Attack

• Distributed Denial of Service (DDoS) attacks
  cause many systems to flood or attack a single
  host.
• The UPnP and raw socket support features of
  Windows XP leave the system vulnerable to DDoS
  attacks
• Raw Sockets (Not Related to UPnP)

11
Discovery of Vulnerabilities

• eEye Digital Security
• Believe there are several security issues with
  the UPnP protocol
• Found 3 vulnerabilities within Microsofts
  implementation of UPnP
• Alerted Microsoft immediately upon discovery of
  the vulnerabilities

12
Patch

• Available soon after vulnerabilities discovered
• Downloadable from
• http//www.microsoft.com/technet/security/bulletin
  /MS01-059.asp

13
Conclusions

• UPnP is a good idea
• Windows XP is vulnerable upon default
  installation, but patch is available
• Raw socket support still under debate

14
References

• 1 http//www.microsoft.com/Downloads/Release.asp
  ?ReleaseID34951
• 2 http//www.microsoft.com/technet/security/bull
  etin/ms01-059.asp
• 3 http//www.eeye.com/html/press/PR20011220.html
  
• 4 http//www.eeye.com/html/Research/Advisories/A
  D20011220.html
• 5 http//special.northernlight.com/windowsxp/sec
  urity_flaw.htmdoc
• 6 http//grc.com/dos/xpsummary.htm
• 7 http//special.northernlight.com/windowsxp/pen
  tagon.htmdoc
• 8 http//www.nwfusion.com/news/2001/1015threatxp
  .html
• 9 http//www.irchelp.org/irchelp/nuke/
• 10 http//www.cnet.com/software/0-6688749-8-7004
  399-6.html