Instantly and Easily Control Windows' Insecure, Exploit-Prone and
Probably Unnecessary Universal Plug and Play Network Support
|Page last modified: May 04, 2013 at 18:21||Developed by Steve Gibson|
All Users Immediately Disable Windows'
Universal Plug n' Play Support
Our 22 kbyte "UnPlug n' Pray" utility makes that very
Now compatible with ALL Versions of Windows!
Quoting from eEye's press release:
Translating eEye's and Microsoft's statements into consequences, this means that without the security update patch, and with the Universal Plug and Play (UPnP) system in its default "enabled" state, any of the many millions of Internet-connected UPnP-equipped Windows systems could be remotely commandeered and forced to download and run any malicious code of a hacker's design. This includes using the machine to launch potent Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.
This means that extremely damaging CodeRed and Nimda-style worms can now be written for millions of Windows machines. Whereas the Microsoft IIS server worms of 2001 found and infested 'only' several hundred thousand IIS servers, a Windows "Universal Plug and Play" worm would have more than ten million XP systems, in addition to many more Windows 98/ME systems, upon which to prey today.
The highly respected Gartner Group has said that they expect hackers to incorporate the UPnP vulnerabilities into their attack tools by the end of the first quarter of 2002. Here's Gartner's Commentary.
consumers to take matters into their own hands:
|See the end of this page for additional press coverage of this developing issue.|
|Why did this disaster happen?|
The Universal Plug and Play service (UPnP), which is installed and running in all versions of Windows XP and may be loaded into Windows 98 and ME essentially turns every one of those systems into a wide-open Internet server. This server listens for TCP connections on port 5000 and for UDP 'datagram' packets arriving on port 1900. This allows malicious hackers (or high-speed Internet worms) located anywhere in the world to scan for, and locate, individual Windows UPnP-equipped machines. Any vulnerabilities known today or discovered tomorrow can then be rapidly exploited.
(Note that when enabled, XP's built-in Internet Connection Firewall (ICF), and some third-party personal firewalls, are effective in blocking this external access.)
Can't anyone make an honest mistake?
Consequently, the most troubling aspect of this issue is that the POTENTIAL for this insecurity was intentionally and needlessly designed into Windows XP from the start. ALMOST NO ONE uses or needs to have Universal Plug and Play enabled today. Yet every copy of Windows XP sold has it enabled and running by default.
or lack of honest concern, about security.
For Microsoft to proclaim that Windows XP is the most secure Windows operating system ever shipped while every copy has an unnecessary Internet server running makes a mockery of their professed commitment to security.
looking and very useful technology.
You should not read anything here as an indictment of Universal Plug and Play itself. In the wake of this latest exploit announcement I studied UPnP closely and wrote several experimental Universal Plug and Play protocol devices. The system has great potential and in several years it will grow into an important networking technology. But that's in the future.
Today, the overwhelming majority of Windows XP users have NO NEED for their machines to be running a security-compromising UPnP Internet server. Therefore, this UPnP service should simply be turned off by default and only activated when it is actually needed by the end user.
Incredibly, even after this grand debacle, Microsoft refuses to take the simple and obvious security measure of disabling the unnecessary UPnP Internet service.
the security of your personal computer.
means to shut down the dangerous and unnecessary
UPnP Internet server running in their machines.
|Questions, Answers, and Details about UnPlug n' Pray:
UnPnP Version History:
I hope you will find UnPlug n' Pray to be important, useful and reliable.
Gibson Research Corporation is owned and operated by Steve Gibson. The contents
of this page are Copyright (c) 2014 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
|Last Edit: May 04, 2013 at 18:21 (309.80 days ago)||Viewed 512 times per day|