[Dshield] XBox have the PnP bug?

stu secmail at patchsupplier.dyndns.org
Wed Aug 17 20:49:24 GMT 2005


I haven't found a solid answer but from
(http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx)
All versions of xp, 2000 and 2003 are vulnerable so I presume that
covered embedded too, under the not affected heading XPe isn't
mentioned.

I also found :

[Quote]
The Advantages of Using Windows XP Professional
May provide quicker updates and upgrades: Microsoft issues XP
Professional patches and service packs from time to time. Windows XP
Embedded patches and service packs may lag behind these updates by up to
a few weeks. (Note: Some patches and service packs released for Windows
XP may not be necessary for Windows XP Embedded builds, because the
patched components or drivers may not be necessary for the specific
build.)
[/Quote]
[Source =
http://msdn.microsoft.com/embedded/getstart/devplat/atm/atmreco/default.
aspx]

So as PnP is a core function of the OS, I also presume that it's on all
builds and is unlikely that the component will be removed. So therefore
they're most likely vulnerable and it will take a few more weeks for a
patch to be released.

Stu

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Joel Esler
Sent: 17 August 2005 21:19
To: General DShield Discussion List
Subject: Re: [Dshield] XBox have the PnP bug?

The bug is not "UPnP" it's "pnp" different.  but that would be
interesting to find out no?

On 8/17/05, stu <secmail at patchsupplier.dyndns.org> wrote:
> I was also thinking of XP Embedded. I ran a honeypot here with XP (no
> patches at all) and it got compromised quite quickly, the first few
> attempts caused it to reboot then it got infected.
> 
> I'm not totally up to speed with embedded but do you not have to
create
> a new image of the OS for each update to it? I'm thinking along the
> lines of POS (point of sale) devices on lans etc. Would be interesting
> to walk into your local staples and see their POS rebooting.
> 
> Anyone else upto speed on XPe?
> 
> Stu
> 
> 
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Fergie (Paul
> Ferguson)
> Sent: 17 August 2005 16:37
> To: mcgoy at plumbearcat.com
> Cc: list at lists.dshield.org
> Subject: Re: [Dshield] XBox have the PnP bug?
> 
> That's a good question. :-)
> 
> I had read somewhere (on hack mods) that the XBox ran,
> basically, a "special" Win2k kernel, so no idea if this
> has the PnP vulnerability...
> 
> - ferg
> 
> 
> -- "David McGaughey" <mcgoy at plumbearcat.com> wrote:
> 
> 
> Anyone know if the Xbox has the PnP bug?  I'm sure the current exploit
> doesn't work against them, but was curious if anyone heard if the XBox
> needed a patch.  Only asking because I've seen a lot of UPnP traffic
> from an
> Xbox.
> 
> David McGaughey
> Lubbock, Texas
> mcgoy at plumbearcat.com
> 
> --
> "Fergie", a.k.a. Paul Ferguson
>  Engineering Architecture for the Internet
>  fergdawg at netzero.net or fergdawg at sbcglobal.net
>  ferg's tech blog: http://fergdawg.blogspot.com/
> 
> 
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 
> 
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
>


_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list



More information about the list mailing list