A potential vulnerability in Windows 2000 Service Pack 4 and Windows XP Service Pack 1 has been publicly revealed by the French Security Incident Response Team. The organisation has drawn the ire of Microsoft by publishing details of a proof-of-concept exploit that targets the vulnerability.
According to the author, a specially crafted request to upnp_getdevicelist can cause services.exe to eat up memory to the point where the target machine's virtual memory is exhausted. As a result, user requests such as opening a window would slow to the point of not executing at all, resulting in a denial of service.
Microsoft has admitted that the exploit is genuine. In a security advisory it confirmed the vulnerability in Windows 2000 and Windows XP Service Pack 1. However, Redmond points out that for the exploit to work on XP SP1, the hacker would have to have a valid login, although the affected component is accessible to remote users with standard accounts. The company also confirmed that users with XP Service Pack 2 are not affected.
Microsoft is a little tetchy about the release of the exploit, saying that it was ‘concerned that this new report of a vulnerability… was not disclosed responsibly, potentially putting computer users at risk’.