Bugtraq mailing list archives
RE: Too much misleading advice on the Universal Plug-and-Play security hole
From: "David LeBlanc" <dleblanc () mindspring com>
Date: Sat, 29 Dec 2001 13:53:22 -0800
From: Richard M. Smith [mailto:rms () computerbytesman com]
"Customers using Windows 98, 98SE or ME should apply the patch if the Universal Plug and Play (UPNP) service is installed and running"
As Matt pointed out, it will only be there if you've installed Internet Connection Sharing that came with XP. I'm not 100% sure on this, being a long-time NT-Win2k-XP bigot who hasn't run the Win9x line since '95 was in beta.
BTW, another option that the FBI is offering at the
www.nipc.gov Web site is to turn off UPNP altogether: Update: "Universal Plug and Play Vulnerabilities" http://www.nipc.gov/warnings/advisories/2001/01-030-2.htm Which is incorrect information that will leave you vulnerable because it tells you to turn off the WRONG service. NIPC, unfortunately, isn't a very good source of information right now. Vendor bulletins and this list are better (IMHO). David LeBlanc dleblanc () mindspring com
Current thread:
- Too much misleading advice on the Universal Plug-and-Play security hole Richard M. Smith (Dec 26)
- RE: Too much misleading advice on the Universal Plug-and-Play security hole Marc Maiffret (Dec 27)
- RE: Too much misleading advice on the Universal Plug-and-Play security hole Richard M. Smith (Dec 29)
- RE: Too much misleading advice on the Universal Plug-and-Play security hole David LeBlanc (Dec 30)
- RE: Too much misleading advice on the Universal Plug-and-Play security hole Paul Schmehl (Dec 29)
- Re: Too much misleading advice on the Universal Plug-and-Play security hole Matthew Caron (Dec 29)
- RE: Too much misleading advice on the Universal Plug-and-Play security hole Richard M. Smith (Dec 29)
- RE: Too much misleading advice on the Universal Plug-and-Play security hole Marc Maiffret (Dec 27)