More security flaws found in XP

Such is the seriousness of a new security loophole recently found in Windows XP that the United States’ Federal Bureau of Investigation (FBI) has issued a warning to users.

  • E-Mail
By  Robin Duff Published  December 30, 2001

Microsoft’s claim that Windows XP is its most secure operating system ever is beginning to come under increasing scrutiny: such is the seriousness of a new security loophole recently found in the OS, that the United States’ Federal Bureau of Investigation (FBI) has issued a statement on the subject.

The FBI’s National Infrastructure Protection Centre (NIPC), which usually leaves computer security warnings to the private sector, has been in technical discussions with Microsoft to identify ways to minimise the risk from security holes in the XP software.

The software giant announced last week it had found two holes in its new operating system that could leave computers running it open to hackers and at risk of being temporarily shut down from a denial-of-service attack or used in such an attack on other computers.

In addition to installing the security patch available from Microsoft’s Web site, computer users running Windows XP should disable the “Universal Plug and Play” feature, if they are not using it, the NIPC said in its statement.

Microsoft’s Universal Plug and Play software allows devices added to a network to be automatically recognised and accessed. It is installed by default on XP systems, can be switched on in Windows ME systems and installed separately on the Windows 98 operating systems.

Microsoft and security experts have warned that hackers could take advantage of the feature to gain access to otherwise secure systems by overwhelming computers with data flow, a common method used by hackers.

The way that the software recognises new machines on a network could also be exploited by hackers to spoof their way into a system and take control in order to launch a denial of service attack, according to Microsoft.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code