FBI Agency Revises XP Security Alert
The Federal Bureau of Investigation's National Infrastructure Protection Center has revised its
On Christmas Eve, the NIPC issued a bulletin advising Windows XP users to consider turning off the UPNP service to close a security hole that could allow hackers to break into a user's computer. That recommendation followed the
Now, in an updated security bulletin, the NIPC has dropped the recommendation to disable UPNP. Instead, the Washington, D.C.-based agency recommends that the
Marty Lindner, a team leader at the CERT Coordination Center at Carnegie Mellon University in Pittsburgh, says the original NIPC alert was updated after better information became available about the problem. Because of the Christmas and New Year's holidays, security experts weren't able to fully explore solutions to the problem at that time, he says.
"The quality of the information and the time to analyze it was short, so they put out the best information they could," Lindner says.
The security vulnerability was a buffer overflow that could allow distributed denial-of-service attacks and other intrusions, according to the NIPC. The problem also could affect Windows 98, 98SE, and ME, which use the UPNP service.
The UPNP service allows PCs to discover and use various network-based devices such as printers. Windows XP has native UPNP capability, which runs by default on the system. Windows ME also includes native UPNP capability, but it doesn't run by default. With Windows 98 and 98SE, UPNP must be installed via the Internet Connection Sharing client that ships with Windows XP.
Originally, the NIPC believed the buffer overflow problem was in UPNP itself, Lindner says. The problem was later found to be in one of the protocol services that actually implement the UPNP service.
Alfred Huger, vice president of engineering at SecurityFocus, an IT security firm in San Mateo, California, says that the NIPC "made a mistake in their fix" for the problem in its first bulletin. "The about-face was actually a correction," he added.
Charles Kolodgy, an analyst at IDC in Framingham, Massachusetts, says the updated bulletin from the NIPC may not end the discussion about the vulnerability.
"The bad part is it kind of makes it a little confusing for what users should do," he says.