Date: Sun, 23 Dec 2001 19:20:23 -0500 (EST) From: BCPL.NET SysAdmin To: BCPL.NET News Subject: BCPL.NET NEWS: Dangerous Windows Security Vulnerability ------------------------------------------------------------ MICROSOFT ANNOUNCES DANGEROUS WINDOWS SECURITY VULNERABILITY ------------------------------------------------------------ In case you missed it in the newspapers and on network TV news, Microsoft has announced that there is a dangerous security vulnerability in the Windows "Universal Plug and Play" (UPnP) service that can allow malicious access via the Internet to Windows computers that have UPnP installed. Microsoft has released a patch to fix the problem. The patch and more information about the UPnP vulnerability can be found on the Microsoft Web site at: http://www.microsoft.com/technet/security/bulletin/MS01-059.asp UPnP is a Windows service that allows computers to discover and use other devices located on a network. For example, a computer could use UPnP to detect whether there are printers on the network that it can use and learn how to use them. The following Windows versions are affected: o All PCs running Windows XP. UPnP is installed and activated by default in Windows XP. o All PCs running Windows ME to which UPnP has been added. Windows ME has UPnP capability, but it is not installed by default. It has to be added from the Windows ME installation CD. However some vendors who shipped PCs equipped with Windows ME did install UPnP, and some owners of Windows ME PCs may have installed UPnP themselves. o All PCs running Windows 98 and 98SE to which UPnP has been added. Windows 98 and Windows 98SE do not have built-in UPnP capability. However UPnP capability can be added to Windows 98 and 98SE by installing the Internet Connection Sharing client from Windows XP. Windows 3.1, Windows 95, Windows NT and Windows 2000 do not support UPnP, so are not affected by the vulnerability. Microsoft strongly recommends that the UPnP patch be downloaded and installed immediately by all Windows XP users, and by all Windows 98, Windows 98SE and Windows ME users who have installed UPnP. -- BCPL.NET INTERNET SERVICES 320 York Road Towson, MD 21204-5179 U.S.A. CONTACTS: -------- Web Site: http://www.bcpl.net Administration & Policy: ispadmin@bcpl.net 410-887-6180 Sales, Renewals, Account Status: accounts@bcpl.net 410-887-4172 Technical Support (Help Desk): help@bcpl.net 410-887-3297 Usenet News Newsgroup Requests news-admin@bcpl.net 410-887-6180 E-Mail & Newsgroup Abuse Reports: abuse@bcpl.net 410-887-6180 Domain Name Service Issues: dnsadmin@bcpl.net 410-887-6180 FAX: 410-887-2091