Microsoft sent out a message today that describes a serious security problem. It has been discussed in a public security forum so you can be sure that even dimwitted crackers know about the problem. I'm not going to post the whole thing - it probably would not be of interest. However, anyone using one of the OS's in the title should visit the link given below.

Sent: Thursday, December 20, 2001 12:46 PM
Subject: Microsoft Security Notification Bulletin MS01-059
Title: Unchecked Buffer in Universal Plug and Play can Lead
to System Compromise
Date: 20 December 2001
Software: Windows 98, Windows 98SE, Windows ME, Windows XP
Impact: Run code of attacker's choice
Max Risk: Critical
Bulletin: MS01-059

Microsoft encourages customers to review the Security Bulletin at:
<a href="http://www.microsoft.com/technet/security/bulletin/MS01-059.asp." target="_blank">http://www.microsoft.com/technet/security/bulletin/MS01-059.asp.</a>

Above url didn't work as page has been removed, try here <a href="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-059.asp" target="_blank">Security flaw again!</a> <img src="frown.gif" border="0">

and Steve Ballmer called it the most secure software ever written....? <img src="rolleyes.gif" border="0">

The FBI does not seem to be entirely convinced by Microsoft's patch. The words that they use are kind of waffling ("For additional security if you are not using the UPnP service, disable it with the following steps.") The warning is posted here:
<a href="http://www.nipc.gov/warnings/advisories/2001/01-030-2.htm" target="_blank">http://www.nipc.gov/warnings/advisories/2001/01-030-2.htm</a>
It includes the procedure for disabling Universal Plug and Play (which is not the same thing as Plug and Play).

This topic is discussed in detail at:

<a href="http://grc.com/UnPnP/UnPnP.htm" target="_blank">http://grc.com/UnPnP/UnPnP.htm</A> it also supplies a small utility which disables the UPnP.

Mutt.

Cheers for that mutt. Disabled <img src="smile.gif" border="0">