Smithy sent in an email telling us about UnPlug n' Pray, a program created by Gibson Research to disable Universal Plug & Plug service in all versions of Windows, because of an announcement by Microsoft on the December 20th 2001 which revealed that the hackers at eEye had discovered multiple critical security flaws in all versions of Windows using Universal Plug and Play. This issue is by no means new, but I thought I'd let everyone know about the patch Gibson Research created to remedy possible security risks you may be open to.

 

"eEye has discovered three vulnerabilities within Microsoft's UPnP implementation: a remotely exploitable buffer overflow that allows an attacker gain SYSTEM level access to any default installation of Windows XP, a Denial of Service (DoS) attack, and a Distributed Denial of Service (DDoS) attack. eEye would like to stress the extreme seriousness of this vulnerability.

More info can be found on the Gibson Research website.