Exploitation of Microsoft Universal Plug and Play flaw to hit by end of week

According to X-Force, the flaw in the UPnP service is easy to exploit, providing an attacker with complete control over the victim PC. “Due to the ease of exploitation, we are taking this flaw very seriously,” says Tom Cross, X-Force researcher at IBM ISS. “However, since the UPnP service is not universally enabled in the corporate environment, it is unlikely that this flaw will result in a worm like Zotob. “Nonetheless, users of UPnP are exposed, so ISS is providing pre-emptive protection from this flaw for our customers, and we urge other organisations to download the patch from Microsoft as soon as possible.” Universal Plug and Play is an architecture in Windows that supports peer-to-peer Plug and Play functionality for network devices. Through this flaw, a remote attacker could send an HTTP request to UPnP and overflow a buffer to execute arbitrary code on the system. In addition to being protected from the UPnP flaw, IBM ISS customers were also pre emptively protected from the flaw in Windows Animated Cursor (ANI), for which Microsoft provided a patch last week after exploits started to wreak havoc on the Internet. By persuading a victim to open an ANI file, a remote attacker could corrupt memory and execute arbitrary code on the system with the privileges of the victim. An attacker could exploit this vulnerability by hosting the malicious file on a web site or by sending it to a victim as an email attachment.