Hackers have developed proof-of-concept code that attempts to take advantage of an unpatched Windows vulnerability to crash systems, according to a security alert from Microsoft which rates the risk as 'low'.

The code disables machines running Windows XP SP1 and Windows 2000 SP4 in certain configurations by taking advantage of flaws in Windows memory allocation functions.

The vulnerability manifests itself when a malformed request is made to the UPnP service in the data section of a call to the GetDeviceList function.

In handling this request, memory consumption on vulnerable Windows boxes increases to the point where the system becomes unresponsive. Repeated requests can therefore be used to mount denial of service attacks.

However, attacks on Windows XP SP1 would require user authentication, thus reducing the scope for mischief by remote hackers.

In addition Microsoft users running Windows XP Service Pack 2, Windows Server 2003 and Windows Server 2003 Service Pack 1 are not affected by the vulnerability.
Windows 2000 shops are most at risk but effective firewalls are all that is needed to thwart attacks. Microsoft has yet to develop a security fix.

More stories on these topics:
Permalink  Comments  Forward
what do you think?
Click here for more Post your comment
Click here for more Send an email to the Computing editor at feedback@computing.co.uk
Reader comments for this story
Post your comment Post your comment   What is this?
Like this story? Spread the news by clicking a link:   Post this to Delicious del.icio.us     Post this to Digg digg this     Post this to reddit reddit!

related content
latest news
A VirginTrain
Communications
BulletVirgin Wi-Fi is hit by delays
Onboard web service due to arrive in 2007 is behind schedule  21 Aug 2008
NHS procedure
Public Sector
BulletConservatives seek "vision" for NHS IT policy
The British Computer Society will conduct an independent review of NHS IT policy  21 Aug 2008
crowd of people
Public Sector
BulletGovernment urged to scrap paper census
Better public sector data sharing would provide all the necessary information, says think tank  21 Aug 2008
Click here for more More news
latest in depth
EU flags
Public Sector
BulletData retention plans draw further criticism
Privacy fears over directive that will allow organisations to view emails, texts and web use  21 Aug 2008
Men using mobile phones
Management
BulletIT staff survive credit crunch
Firms recognise need for IT ­ – but staff must keep skills up to date  20 Aug 2008
Oyster card
Public Sector
BulletMixed reaction to decision by TfL to end Oyster contract
Transport for London cuts its ties with the TranSys consortium and begins plans for its replacement  21 Aug 2008
Click here for more More in depth

Advertising Marketplace

Sponsored links

Featured jobs

Netcool Designer / Engineer
Reading, Berkshire, United Kingdom | EDS
Job Title Netcool Designer / Engineer Location Reading Short Description: DII The DII project is contracted to supply both hardware and software infrastructure solutions to support the MoD transition to a common base solution, based ... more >
Information Manager
London, United Kingdom | Barts and The London NHS
 Information Manager - £28,924 - £38,591 pa inc - London   Applications are invited for the post of Information Manager in the Head Office of the Central and East London Comprehensive Local Research Network. The ... more >
Business Intelligence Specialists
London, United Kingdom | MI5
Business Intelligence Specialists - Competitive Salary + Excellent Benefits - London   Getting the best out of technology is critical to helping us protect the UK. Join MI5 and use your skills and experience to ... more >
Senior Business Analyst
London, United Kingdom | Utilyx
Senior Business Analyst - London Highly professional individual capable of working at senior / board level with blue chip clients - shaping and driving the analysis and design of their energy management solutions Proven capability ... more >
Click here for more  More job opportunities