The Mac Observer

Skip navigational links

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
Microsoft's Most Secure OS Ever, Windows XP, Subject To Major Security Hole

Microsoft's Most Secure OS Ever, Windows XP, Subject To Major Security Hole

by , 9:00 AM EST, December 21st, 2001

Sometimes there are events that happen in the computer world that just sort of write themselves into a funny article. Usually they involve Microsoft, and today we have just such an example. Microsoft released a patch to plug a security hole the size of Montana. A technology called Universal Plug & Play (UPnP) that is included in Windows XP, and can be either turned on or downloaded for Windows 98 and Windows ME, includes the unique ability to give a malicious hacker complete and utter control of the user's PC. Windows XP has been touted by Microsoft as being their most secure OS yet. Just to show they mean it, the company has released a patch to plug this hole. From a C|Net report:

"This is a serious vulnerability. People running Windows XP need to put the patch on right away," said Scott Culp, manager of Microsoft's Security Response Center.

Culp said users of Windows ME or Windows 98 only need the patch if they are running UPnP. Windows ME was released with UPnP built in, but the feature is turned off when customers install that operating system. Windows 98 doesn't have UPnP built in, so users of the OS don't need the patch unless they have installed UPnP separately, he added.

Culp said there are several ways people can exploit the security hole in UPnP. Someone who knows the Internet Protocol (IP) address of a specific PC can gain control of the computer through the Internet if the network doesn't have firewall security installed. Most corporations and many consumers, however, have firewalls installed to block these types of break-ins, he said.

More seriously, hackers who are inside the network can take over a PC without needing to know the PC's IP address. That's the case with cable Internet access, where people in the neighborhood share the same cable network, Culp said.

"With most cable modem users, there's a physical wire that feeds an entire neighborhood, and someone from that wire could attack anyone without needing to know the IP address," he said. "The attacker can take control of the PC and have access to all the files. They might as well be sitting in front of the keyboard."

Microsoft sat on the information until they had prepared a fix, a tactic the company has been wanting the freedom to use for the last few months. This subject has gotten a lot of media attention, and you can find more information in the full article. We also have other reports for your reading edification:

The Mac Observer Spin:

Oh, how we Mac users envy the Windows world with its rich proliferation of software and stuff. Or something. In our eyes, living in the rich world of Windows is all about waiting to download the next security patch before something bad happens. Admittedly, Microsoft has been able to release a patch for this problem before any attacks started, but that doesn't mean that everyone is going to download that patch.

Microsoft has patched most of the security holes in Windows and its various bits of software, but we still see virii and exploits like Code Red, Anna K., and I Love You wreck billions and billions of dollars of lost productivity around the world because Windows Lemmings don't all get the word. Windows XP does include the ability to ask MS's servers for updates, so there's a chance that most of the XP systems out there will get updated before the hackers figure out a way to allow the script kiddies to exploit this serious problem. In any event, pardon us while we are not surprised by the whole thing.

Recent TMO Headlines - Updated October 26th

Wed, 9:00 AM
Martian Notifier Smartwatch: $29.99
Tue, 8:43 PM
Apple Says It Will Return to Revenue Growth in December Quarter
Tue, 7:07 PM
Tim Cook: Giving Up Privacy with Siri and AI is a False Choice
Tue, 5:51 PM
macOS Sierra 10.12.1 Leaks New MacBook Pro Images
Tue, 5:02 PM
Apple Beats Guidance with Q4 Earnings, Guides Q4 Above Consensus
Tue, 2:20 PM
Existing Home Routers Could Be Used to Stop DDoS Botnet Attacks
Tue, 1:06 PM
TMO Daily Observations 2016-10-25: iMessage Wish List, Original iPod Music Collection
Tue, 11:55 AM
MyScript Nebo iPad Pro Note Taking App Temporarily a Free Download
Tue, 10:52 AM
tvOS 10.0.1 Update Improves Security, Skips Single Sign-on
Tue, 9:46 AM
AAPL Q4 2016 Earnings Report Coverage this Afternoon
Tue, 9:00 AM
Last Chance for The Award-Winning Mac Bundle
Tue, 8:00 AM
The 20 CDs Steve Jobs Gave Journalists with the First iPod
  • __________
  • Buy Stuff, Support TMO!
  • Podcast: Mac Geek Gab
  • Podcast: Apple Weekly Report
  • TMO on Twitter!