Skip navigation
Menu
Security

Denial of Service in Microsoft Universal Plug and Play Service

Reported November 1, 2001, by Microsoft.

VERSIONS AFFECTED

All systems running Microsoft’s Universal Plug and Play, including:

  • Microsoft Windows XP

  • Microsoft Windows Me

  • Microsoft Windows 98 and 98SE

 

DESCRIPTION
A vulnerability exists in Microsoft Universal Plug and Play (UPnP) service that can cause a Denial of Service (DoS) condition. Because the UPnP service doesn't correctly handle invalid requests or multiple connections exceeding 1017, an attacker can use the vulnerability to create a DoS condition. The UPnP service is not enabled by default, but an attacker can enable it through the OEM channels. Microsoft recommends that users block ports 1900 and 5000 with a firewall.

 

VENDOR RESPONSE

The vendor, Microsoft, has released security bulletin MS01-054 to address this vulnerability and recommends that affected users apply the appropriate patch provided at one of the URLs given in the bulletin.

 

CREDIT
Discovered by Ken of Franklin Tech Unlimited.

TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
a digital padlock icon with multiple colors
Cybersecurity Workforce Sustainability Has a Problem. DEI Could Be the Solution.
May 06, 2024
the word acronym spelled out with wooden pieces
Cybersecurity Acronyms Cheat Sheet
May 06, 2024
clinician securely sharing sensitive healthcare data across mobile devices and medical practices
How to Ensure Data Protection, IT Security, and Compliance in Life Sciences
Apr 30, 2024
DevSecOps concept
90% of Java Services in Production Have Vulnerability Risk, DevSecOps Report Finds
Apr 20, 2024