[Dshield] Windows 2000 users: "Patch now or else..."

Johannes B. Ullrich jullrich at euclidian.com
Sun Aug 14 19:26:44 GMT 2005

Daffy Duck wrote:
> With all this happening, would it be a good idea to disable UPnP and use
> Firefox and Thunderbird?

First of all, this exploit uses 'PnP', not 'UPnP'.

I was surprised too that PnP is accessible via the network, as typically
it is used for devices plug into the system locally.

UPnP (Universal Plug and Play) on the other hand is a service to
discover network resources and adjust firewall rules on the fly.

Your browser or e-mail client is not involved. This vulnerability can
hit you without you even being logged in to the system. Similar to
slammer, code red and all the other "regular worms".

In order to dodge this one, you need to do either:

- close port 445 (if possible with a host based firewall and at your
perimeter firewall).
- apply last Tuesday's MSFT patches, in particular MS05-039
- disconnect from the network
- install Linux

Any of these steps will help against this particular issue.

> Of course one would have to keep up with the patches for the Mozilla
> software, as well.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://www.dshield.org/pipermail/list/attachments/20050814/26b41d6a/signature.bin

More information about the list mailing list