[Dshield] MS05-039 exploits prove that pacthing "window" is getting shorter and shorter and...

John B. Holmblad jholmblad at aol.com
Thu Aug 18 02:46:24 GMT 2005


All,

this worm has given me reason to go back and examine the distinction 
between the PnP service in Microsoft Windows and its "evolutionary 
addition, uPnP, which is installed in Windows XP.  I did a quick check 
and, not surpassingly, all Windows OS's, XP, 2000 Pro, 2000 Server, 2003 
Server, and 2003 SBS have PnP installed as a service and enabled. Only 
WXP has uPnP installed with manual start (at least on the XP system that 
I checked).


What I do not understand is why the PnP service is even callable from a 
remote session whether it is an authenticated or a null session. To my 
understanding, the PnP service is to support installation of devices on 
the local machine, period so why should it ever accept a network based 
session via SMB in the first place. What am I missing here?

-- 
Best Regards,

John Holmblad

Televerage International
GSEC Gold,GCWN Gold,GGSC-0100,NSA-IAM

(H) 703 620 0672
(M) 703 407 2278
(F) 703 620 5388

primary email address:     jholmblad at aol.com
backup email address:      jholmblad at verizon.net



More information about the list mailing list