X-Force Predicts Microsoft Exploit

ARMONK, N.Y. -- IBM (NYSE: IBM) today announced its Internet Security Systems (ISS) X-Force® research and development team predicts that the flaw in Microsoft Windows Universal Plug and Play (UPnP) technology announced today will experience exploitation by the end of the week. According to X-Force, the flaw in the UPnP service is easy to exploit, providing an attacker with complete control over the victim PC.

“Due to the ease of exploitation, we are taking this flaw very seriously and expect to see an exploit by the end of the week,” said Tom Cross, X-Force Researcher at IBM Internet Security Systems. “However, since the UPnP service is not universally enabled in the corporate environment, it is unlikely that this flaw will result in a worm like Zotob. Nonetheless, users of UPnP are exposed, so ISS is providing preemptive protection from this flaw for our customers, and we urge other organizations to download the patch from Microsoft as soon as possible.”

Universal Plug and Play is an architecture in Windows that supports peer-to-peer Plug and Play functionality for network devices. Through this flaw, a remote attacker could send a specially-crafted HTTP request to UPnP and overflow a buffer to execute arbitrary code on the system.

In addition to being protected from the UPnP flaw, IBM ISS customers were also preemptively protected from the flaw in Windows Animated Cursor (ANI), for which Microsoft provided a patch last week after exploits started to wreak havoc on the Internet. ISS has provided customers protection for this vulnerability since January 2005.

By persuading a victim to open a specially-crafted ANI file, a remote attacker could corrupt memory and execute arbitrary code on the system with the privileges of the victim. An attacker could exploit this vulnerability by hosting the malicious file on a Web site or by sending it to a victim as an email attachment.

By taking a holistic approach to security research and tightly aligning X-Force analysis with the development of new protection technologies and solutions, IBM ISS consistently keeps customers ahead of existing and emerging threats.

The IBM X-Force alerts on these issues can be found in the Internet Threat Information Center section on http://www.iss.net

IBM Corp. (NYSE: IBM)