Home › News › Industry News

Exploit crashes unpatched Windows

On November 20, 2005, 3:40 PM

By taking advantage of flaws in Windows memory allocation functions, it is possible to knock over machines running Windows XP SP1 and Windows 2000 SP4 in certain configurations, it has been revealed. When a malformed request is made to the UPnP service in the data section of a call to the GetDeviceList function, this can be achieved. Proof-of-concept code has been developed by hackers that exploits this. Microsoft users running Windows XP Service Pack 2, Windows Server 2003 and Windows Server 2003 Service Pack 1 do not have to concern themselves with this issue, since these systems are not vulnerable in this way.

This vulnerability manifests itself when a malformed request is made to the UPnP service in the data section of a call to the GetDeviceList function. In handling this request, memory consumption on vulnerable Windows boxes increase to the point where the system becomes unresponsive. Repeated requests can therefore be used to mount denial of service attacks.

Winny Thomas of Nevis Labs in India, the security researcher who developed the proof-of-concept code, readily concedes the Windows RPC memory allocation remote denial of service exploit he highlights is only a moderate risk. Microsoft is yet to develop a security fix. It criticises Thomas of publicising details of the flaw through FrSIRT, a full disclosure web site, instead of submitting it to Microsoft directly first.

No tags on this story

Next Article: VoIP marketing confusing

TechSpot on:

Most Popular

Trending

Featured

Featured on Cases

Downloads and Drivers

Downloads

Drivers

IObit Malware Fighter 2.0

Instantbird 1.4

BitTorrent Sync 1.0.134

Spybot - Search & Destroy 2.1.19

Google Chrome for Windows 27.0.1453.93

More Downloads

Latest Discussion

IPod Home Button Problems 11 replies on Other Hardware

How do I begin to build a custom computer? 13 replies on Other Hardware

Keyboard/Mouse Problems 5 replies on Other Hardware

How did my Windows key become disabled? 9 replies on Other Hardware

Which is the best smartphone to buy? 22 replies on Mobile Computing

More Recent Discussion

Subscribe to TechSpot

Get free exclusive content, learn about new features and breaking tech news.

TechSpot

Welcome to TechSpot

Home › News › Industry News

Exploit crashes unpatched Windows

Next Article: VoIP marketing confusing

Post a new comment

TechSpot on:

Most Popular

Building a Thin Mini-ITX PC: Small and Silent Performance

Metro: Last Light Tested, Benchmarked

Microsoft officially announces Xbox One: here's what we know so far

'Supercapacitor' could fully charge your phone in less than 30 seconds

Bill Gates is once again the richest person in the world

Metro: Last Light Performance, Benchmarked

Building a Thin Mini-ITX PC: Small and Silent Performance

Metro: Last Light Review

Gigabyte U2442F Ultrabook Review

8 Free to Play Games That Are Too Good to Be True

Featured on Cases

92 Cooler Master HAF XB

88 SilverStone Sugo SG09

88 Cooler Master Silencio 650

88 SilverStone Fortress FT03

85 Corsair Vengeance C70

Downloads and Drivers

Latest Discussion

Subscribe to TechSpot

Featured Tech Content - Inside TechSpot

	Social Login & Guest Posting Post as anonymous user			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.