More MS plug 'n' pray

FBI advises turning off vulnerable XP PnP feature

A US government computer security agency is recommending that Windows XP users consider turning off XP's universal plug and play (UPnP) service to close a security hole that can allow hackers to break into a personal computer.

The recommendation, which follows a patch offered before Christmas by Microsoft, was posted on the website of the FBI's National Infrastructure Protection Center after discussions with Microsoft concerning UPnP's vulnerability.

The hole could lead to distributed DoS (denial-of-service) attacks and other intrusions, according to the NIPC, which is recommending that UPnP be disabled in systems where it's not being used.

Full directions on how to disable UPnP are included in the NIPC security bulletin.

The alert also suggests that systems administrators monitor and block ports 1900 and 5000, as increased activity on them can indicate active scanning by hackers seeking vulnerable systems.
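One way to act on that monitoring advice, as an added example that is not from the NIPC bulletin or the original article: a short Python script that reads firewall log lines and flags any source address that touched ports 1900 or 5000 on several distinct hosts. The log format, the sample lines and the threshold of three hosts are constructed assumptions for illustration.

```python
from collections import defaultdict

WATCHED_PORTS = {1900, 5000}  # the two ports named in the alert
MIN_TARGETS = 3               # assumed threshold: distinct hosts probed by one source

# Constructed sample log. Assumed format (not a real product's):
# date time action protocol src-ip dst-ip src-port dst-port
SAMPLE_LOG = """\
2002-01-02 09:14:02 DROP UDP 203.0.113.7 192.0.2.10 4021 1900
2002-01-02 09:14:02 DROP UDP 203.0.113.7 192.0.2.11 4021 1900
2002-01-02 09:14:03 DROP TCP 203.0.113.7 192.0.2.12 4022 5000
2002-01-02 09:14:03 DROP TCP 203.0.113.7 192.0.2.13 4023 5000
2002-01-02 09:15:10 ALLOW TCP 192.0.2.20 192.0.2.30 1044 80
2002-01-02 09:16:41 ALLOW UDP 192.0.2.21 192.0.2.10 1900 1900
# comment line
2002-01-02 09:17:00 DROP TCP 198.51.100.9 192.0.2.10 3312 5000
malformed line
"""

def parse_line(line):
    """Return (src, dst, dst_port), or None for comments and malformed lines."""
    parts = line.split()
    if line.startswith("#") or len(parts) != 8:
        return None
    try:
        return parts[4], parts[5], int(parts[7])
    except ValueError:
        return None

def find_scanners(log_text, ports=WATCHED_PORTS, min_targets=MIN_TARGETS):
    """Report sources that hit the watched ports on >= min_targets distinct hosts."""
    targets = defaultdict(set)    # source -> destination hosts probed
    ports_hit = defaultdict(set)  # source -> watched ports it touched
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst, dport = rec
        if dport in ports:
            targets[src].add(dst)
            ports_hit[src].add(dport)
    return {src: {"targets": len(dsts), "ports": sorted(ports_hit[src])}
            for src, dsts in targets.items() if len(dsts) >= min_targets}

if __name__ == "__main__":
    for src, info in find_scanners(SAMPLE_LOG).items():
        print(f"{src}: {info['targets']} hosts probed on ports {info['ports']}")
```

Counting distinct destination hosts rather than raw packets keeps a single machine's ordinary device-discovery traffic from being flagged as a sweep.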

Microsoft posted its own 'critical' security advisory about the security hole, which also affects Windows 98, 98SE and Me when using the UPnP service.

The UPnP service allows PCs to discover and use various network-based devices such as printers. Windows XP has native UPnP capability, which runs by default on the system.

Windows Me also includes native UPnP capability, but it doesn't run by default. With Windows 98 and 98SE, UPnP must be installed via the Internet Connection Sharing client that ships with Windows XP.

Spokespeople at the NIPC and Microsoft couldn't be reached for comment today.

Alan Paller, research director at the Sans Institute, an IT security agency in Maryland, said the new Windows XP vulnerability highlights what has been a constant concern of many users: software continues to arrive from vendors with major services turned on by default, rather than allowing users to choose the features they want to use.

"There's a huge need in the user community to not be given something where everything is broken," Paller said. "We're seeing it all over the place."
