nCircle Network Security recently announced new rules for their IP360 network security solution that identify the recently reported vulnerabilities in Windows XP. This latest rule set release for IP360 enables enterprises to identify systems that are running Windows 9x, ME, or XP where the Universal Plug and Play service is installed. The company asserts that without their software, it is difficult for enterprises to know which computers are running this software.
The vulnerabilities, announced December 20 by Microsoft, affect all versions of Windows XP as well as Windows 98, 98SE or ME if the Universal Plug and Play service is installed and running, and could potentially allow for remote buffer overflow, Denial of Service (DoS), and Distributed Denial of Service (DDoS). Patches are available from Microsoft.
The most serious vulnerability is a buffer overrun that makes it possible for an attacker to cause code to run in the context of the UPnP service, which runs with System privileges on Windows XP. This would enable the attacker to gain complete control over the system. The less serious vulnerability is a denial of service attack that can be used either to attack a single machine, and would slow or stop its performance, or in a distributed denial of service attack, in which the attacker would direct multiple machines to join forces against a different computer and swamp it with data.
nCircle makes the claim that their IP360 solution is the first product that delivers continuous, comprehensive information about the network that enables evaluation of security posture, proactive prevention of attacks and intelligent intrusion detection.