UPnP malware "by end of week"

gallery

Experts have predicted that a virus or worm that exploits vulnerabilities in Windows Universal Plug and Play (UPnP) could be in circulation on the internet by the end of the week.

As reported by IT PRO, Microsoft has already released a patch to fix the flaw, but Tom Cross, X-Force researcher at IBM Internet Security Systems said that the vulnerability was so easy to exploit that he expected hackers to devise malware using the flaw to take over user's computers any time soon.

"Due to the ease of exploitation, we are taking this flaw very seriously and expect to see an exploit by the end of the week," said Cross

But Cross said that since the UPnP service is not universally enabled in the corporate environment, it is unlikely that this flaw will result in a worm like Zotob.

"Nonetheless, users of UPnP are exposed, so we urge organisations to download the patch from Microsoft as soon as possible, " he said.

The flaw affects computers running Windows XP with Service Pack 2 installed as well as Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2. All other versions of Windows including Vista are unaffected.

The vulnerability in UPnP could allow remote code execution. This memory corruption vulnerability is related to how HTTP requests to UPnP services are andled. Attacks using this vulnerability would have to originate from the same subnet as the vulnerable computer, according to Microsoft.

Email to a friend

Print this page