SAN FRANCISCO: The FBI's National Infrastructure Protection Center has urged
users of Microsoft's Windows XP operating system to disable a feature that could
leave computers open to attacks from hackers.
In a statement issued on Saturday, the FBI's NIPC, which usually leaves
computer security warnings to the private sector, said it held technical
discussions with Microsoft Corp. and other industry experts on Friday to
identify ways to minimize the risk from security holes in the XP software, which
was launched in late October.
A Microsoft spokesman said he had no comment on Monday on the NIPC statement.
The software giant announced last week that it had found two vulnerabilities
in its new operating system that could leave computers running it open to
hackers and at risk of being temporarily shut down from a denial-of-service
attack or used in such an attack on other computers.
Under a denial-of-service attack, a server is flooded with so much Internet
traffic that it is made inaccessible to legitimate traffic. In addition to
installing the security patch available from Microsoft's Web site, computer
users running Windows XP should disable the "Universal Plug and Play"
feature, if they are not using it, the NIPC said in its statement.
Microsoft's Universal Plug and Play software allows devices added to a
network to be automatically recognized and accessed. It is installed by default
on XP systems, can be switched on in Windows ME systems and installed separately
on the Windows 98 operating systems.
Microsoft and security experts have warned that hackers could take advantage
of the feature to gain access to otherwise secure systems by overwhelming
computers with data flow, a common method used by hackers.
The way that the software recognizes new machines on a network could also be
exploited by hackers to spoof their way into a system and take control in order
to launch a denial of service attack, the company and experts said.
The NIPC has issued warnings since Sept. 11 for network administrators to be
on alert for possible distributed denial-of-service attacks, which could
interfere with e-commerce and slow-down the Internet if serious enough.
Microsoft has said that Windows XP is its most secure operating system ever.
Microsoft has shipped at least 650,000 copies of XP since it was launched Oct.
25, not including units that ship with new PCs, according to marker researcher
NPD Intellect.
(C) Reuters Limited.