[23650] in bugtraq
Re: Too much misleading advice on the Universal Plug-and-Play security
daemon@ATHENA.MIT.EDU (Matthew Caron)
Sat Dec 29 14:48:55 2001
Message-ID: <3C2B5321.2E2AA835@ele.uri.edu>
Date: Thu, 27 Dec 2001 11:58:09 -0500
From: Matthew Caron <matt@ele.uri.edu>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
>
> Once again for those of us that missed it in Microsoft's bulletin the first
> time:
> Affected Software:
> Microsoft Windows 98
> Microsoft Windows 98SE
> Microsoft Windows ME
> Microsoft Windows XP
>
> That means, and as I've said to one to many reporters, if
> you or someone you> know is running Windows 98/ME/XP then
> you/they need to install the patch.
Not true. From:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-059.asp
"Windows 98 and 98SE do not include a native UPnP service, but one can
be installed via the Internet Connection Sharing client that ships with
Windows XP."
Therefore 98 and 98SE are not inherently vulnerable. They are only
vulnerable if you've installed that service from XP.
--
My romantically involved friends are constant reminders of
the benefits, however few, of being single.
~~ Matt Caron ~~
