Vulnerability Development mailing list archives

RE: UPNP protocol problem (was) Windows XP Service Pack1 problem with activation


From: "Dodol Bali" <dodolbali () hotmail com>
Date: Tue, 17 Sep 2002 18:56:59 -0700

Hmm ... actually you have to enable XP's UPnP services, it's not enabled by default. You might try:

1). Enable XP's internet connection firewall (ICF)
2). Do not enable XP's UPnP (or disable it if you have it on)
3). Activate XP
4). Install SP1
5). Re-enable XP's UPnP if you need it.

-----Original Message-----
From: Max Kennedy [mailto:mxkennedy () fuse net] 
Sent: Friday, September 13, 2002 3:18 PM
To: vuln-dev () security-focus com
Subject: UPNP protocol problem (was) Windows XP Service Pack1 problem with activation

(UPnP problem mentioned third paragraph down. I believe it's the first public attempt to talk about it)

"I would challenge you to show me another business that is required to provide fixes for a product that you have stolen. They are limiting the updates to legitimate licensees. If said licensee has decided to (for whatever reason, good or bad) modify the code and / or files so that the software does not 'function as designed' (Product Activation...), can you not expect that there is a possibility that the patch/update won't work?"

Fixes are not "benefits" to the customer, they are required so you are not rightfully sued by the customer or thrown in jail for negligence. I was talking about the wording of a Microsoft document, not the fact that they are trying to limit downloads to customers. It shows the same lack of being responsible on Microsoft's part. I throw back your challenge to you in your face. People who make baby buggies don't replace them on recalls for the benefit of the customer, they do it because it is required of them in a lawful society and because it is the right thing to do.

Case in point: It was mentioned earlier this year that the universal plug and play discovery modules had buffer overflows, problem fixed, and a 'weakness' in its protocol, problem still unfixed.

My system was essentially compromised *on install* because of it. Product activation attempts to connect to the internet. Win XP on bootup also sends out a general *broadcast* UPnP message on startup. (Outlook also sends out UPnP messages by default, but they aren't general broadcast messages but messages specifically to the router). On LANs run by an ISP where you have an assigned local IP address whether you are logged on or not, that essentially means that your broadcast message is attempting to connect to the whole city, and it does.

Windows XP goes out and attempts to connect to other UPnP devices, which namely are other Windows systems since nothing else is really using that protocol. If the system is running as a gateway, your system may automatically try to use it as your router. And so it did. With multiple systems on my LAN.

You can say that you can turn UPnP off but remember, this occurred right on install, right out of the box, before any updates were applied, as Microsoft's required product activation was being connected to on the internet.

And it would still be attempting to bridge to UPnP gateways if I hadn't turned off a bunch of stuff. And as near as I can tell, not all these attempts are even hack attempts. Windows XP mucks things up, and goes out as a hack on its own.

Although a weakness in the UPnP protocol was mentioned last year, this is the first public message I am aware of that actually mentions a real life example of it.

As far as Microsoft's wording, this is just an example of a moral
problem in our society, where x is not under the same standard as
y, because x is more powerful and a hypocrite.

FYI: The problem mentioned with the service pack not returning an error message earlier is probably a bug. According to the documentation linked, it supposedly sends an error message out to those it deems to be a pirate. Surely it ought to have returned an error message in my case as well, a real customer. Alas, it didn't, and I had to figure out how to prove my innocence to Microsoft on my own so I could get the product I bought to work. Prove my innocence, doesn't that remind anyone of a legal principle?
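The thread above describes two behaviours without naming the protocol messages behind them: the discovery broadcast XP sends at startup, and a gateway announcement that a client on the same segment may adopt as its router. UPnP discovery runs over SSDP (HTTP-style text over UDP port 1900 to multicast 239.255.255.250), a detail the posts do not spell out. The following is an added example, not code from either poster: a small SSDP parser that classifies datagrams into discovery probes and gateway advertisements, and flags any host advertising an InternetGatewayDevice that is not on a defender-maintained allow-list. The datagrams, addresses and the allow-list are constructed for the example.

```python
"""
Added example (not part of the mailing-list thread): parse UPnP discovery
datagrams (SSDP) and flag unexpected Internet-gateway advertisements on a
shared segment. Sample datagrams and addresses are constructed, not captured.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, Optional, Set, Tuple

SSDP_MCAST = "239.255.255.250"   # SSDP multicast group
SSDP_PORT = 1900                 # SSDP UDP port
IGD_MARKER = "InternetGatewayDevice"  # UPnP device type a client would use as a router


@dataclass
class SsdpMessage:
    method: str                  # M-SEARCH, NOTIFY, ...
    src: str                     # source IP of the datagram
    headers: Dict[str, str] = field(default_factory=dict)


def parse_ssdp(src: str, payload: bytes) -> Optional[SsdpMessage]:
    """Parse one SSDP datagram; return None for anything not well-formed."""
    try:
        text = payload.decode("ascii")      # SSDP is plain ASCII, HTTP/1.1 framing
    except UnicodeDecodeError:
        return None
    lines = text.split("\r\n")
    start = lines[0].split(" ")
    if len(start) < 3 or not start[2].startswith("HTTP/"):
        return None
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line:                        # blank line ends the header block
            break
        if ":" not in line:
            return None
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return SsdpMessage(start[0].upper(), src, headers)


def classify(msg: SsdpMessage) -> str:
    """
    'search'     : M-SEARCH discovery probe (the startup broadcast the post describes)
    'igd-advert' : NOTIFY ssdp:alive announcing an Internet gateway
    'advert'     : any other NOTIFY (other device types, or ssdp:byebye)
    'other'      : anything else
    """
    if msg.method == "M-SEARCH":
        return "search"
    if msg.method == "NOTIFY":
        if msg.headers.get("nts") == "ssdp:alive" and IGD_MARKER in msg.headers.get("nt", ""):
            return "igd-advert"
        return "advert"
    return "other"


def find_unexpected_gateways(datagrams: Iterable[Tuple[str, bytes]],
                             trusted_gateways: Set[str]) -> Set[str]:
    """Source IPs advertising themselves as a gateway without being on the allow-list."""
    unexpected: Set[str] = set()
    for src, payload in datagrams:
        msg = parse_ssdp(src, payload)
        if msg is not None and classify(msg) == "igd-advert" and src not in trusted_gateways:
            unexpected.add(src)
    return unexpected


# Constructed sample traffic on a hypothetical 10.0.0.0/24 segment.
SAMPLE_DATAGRAMS = [
    # a freshly booted client probing for any device
    ("10.0.0.5", b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
                 b"MAN: \"ssdp:discover\"\r\nMX: 3\r\nST: ssdp:all\r\n\r\n"),
    # the real router announcing itself
    ("10.0.0.1", b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
                 b"NT: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
                 b"NTS: ssdp:alive\r\nUSN: uuid:00000000-0000-0000-0000-000000000001\r\n"
                 b"LOCATION: http://10.0.0.1:2869/gateway.xml\r\n\r\n"),
    # another host on the segment also claiming to be a gateway
    ("10.0.0.77", b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
                  b"NT: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
                  b"NTS: ssdp:alive\r\nUSN: uuid:00000000-0000-0000-0000-000000000077\r\n"
                  b"LOCATION: http://10.0.0.77:2869/gateway.xml\r\n\r\n"),
    # a device leaving; not an alive advertisement
    ("10.0.0.9", b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
                 b"NT: upnp:rootdevice\r\nNTS: ssdp:byebye\r\n\r\n"),
    # junk on port 1900 that must not crash the parser
    ("10.0.0.3", b"\xff\xfe\x00not ssdp"),
]
TRUSTED_GATEWAYS = {"10.0.0.1"}

if __name__ == "__main__":
    for src, payload in SAMPLE_DATAGRAMS:
        msg = parse_ssdp(src, payload)
        print(src, "malformed" if msg is None else classify(msg))
    print("unexpected gateway advertisers:", find_unexpected_gateways(SAMPLE_DATAGRAMS, TRUSTED_GATEWAYS))
```

The allow-list is the defender's input: on a segment where every host can hear every other host's SSDP traffic, as the ISP setup in the post describes, a second address advertising an InternetGatewayDevice is exactly the condition under which a client with UPnP enabled may pick the wrong box as its router, and it is cheap to alert on.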
