The easy way to turn off Universal Plug-and-Play in Windows

From: Richard M. Smith (rms@computerbytesman.com)
Date: 12/28/01


From: "Richard M. Smith" <rms@computerbytesman.com>
To: <bugtraq@securityfocus.com>
Date: Fri, 28 Dec 2001 11:47:20 -0500

Hi,

Steve Gibson of Gibson Research has just released an easy-to-use utility
for turning off Universal Plug-and-Play (UPNP) in Windows XP/ME/98. The
utility, "UnPlug 'n Pray", is available for no charge at this download
page:

   http://grc.com/UnPnP/UnPnP.htm

This utility is a great tool for folks who would rather turn off UPNP
altogether on their Windows systems instead of having to keep up with a
steady stream of UPNP security patches from Microsoft.

This tool also confirmed that the FBI is currently giving out incorrect
instructions on how to protect a Windows XP from the UPNP security
holes. I followed the FBI instructions, but Steve's utility was still
needed to get the right XP services turned off. The FBI/NIPC Web page
that needs to get fixed is located at:

   http://www.nipc.gov/warnings/advisories/2001/01-030-2.htm

Richard M. Smith
http://www.computerbytesman.com



Relevant Pages

  • [NT] UPNP - Multiple Remote Windows XP/ME/98 Vulnerabilities
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Windows XP ships by default with a UPNP service ... Denial-of-Service attack, ...
    (Securiteam)
  • Multiple Remote Windows XP/ME/98 Vulnerabilities
    ... Multiple Remote Windows XP/ME/98 Vulnerabilities ... Windows XP ships by default with a UPNP Service ... access to any default installation of Windows XP, ... Microsoft has released a patch and security bulletin which is located at: ...
    (NT-Bugtraq)
  • Multiple Remote Windows XP/ME/98 Vulnerabilities
    ... Multiple Remote Windows XP/ME/98 Vulnerabilities ... Windows XP ships by default with a UPNP Service ... access to any default installation of Windows XP, ... attack, and a Distributed Denial of Service attack. ...
    (Focus-Microsoft)
  • Multiple Remote Windows XP/ME/98 Vulnerabilities
    ... Multiple Remote Windows XP/ME/98 Vulnerabilities ... Windows XP ships by default with a UPNP Service ... access to any default installation of Windows XP, ... attack, and a Distributed Denial of Service attack. ...
    (Bugtraq)
  • [NT] Invalid Universal Plug and Play Request Can Disrupt System Operation
    ... Invalid Universal Plug and Play Request Can Disrupt System Operation ... Windows ME and XP include native UPnP ... manufacturers do, however, install it on the systems they sell) ...
    (Securiteam)