Earlier today, Mike Pintek of KDKA radio asked me to comment on-air about the FBI's statement that Windows XP could be vulnerable to attacks if steps are not taken. Based on FBI statements, it would seem that Windows XP is the only software that is susceptible - and that consequences are dire. In reality, Windows XP, Millenium and 98 are all susceptible - and the fix is easy. The feature that causes the problem is turned on by default in Windows XP but not in WinMe or Win98, which is why it causes so much concern for WinXP users.

The problem is that hackers could take advantage of a vulnerability in Windows' Universal Plug and Play feature to take control of your network. Plug and Play is the feature in which you can connect a hardware device such as a printer, network card, or modem, and have Windows automatically recognize that the hardware is on the system, thereby allowing it to set up for the new configuration automatically. Plug and Play has been in Windows for years. However, in Windows XP, UNIVERSAL Plug and Play has been set to turn on automatically on installation of that operating system. Universal Plug and Play also allows you to configure hardware devices around your entire network much the way standard PnP configures devices attached locally to your system. There is a vulnerability in uPnP that is exposed when it is turned on.

There are two simple fixes, both of which you should implement:

• Install a security patch made available by Microsoft.
• Turn off Universal Plug and Play (unless you absolutely need it - which is unlikely).

Here are the patches you need

• Windows XP
• Windows Me (clicking on this WinMe link will start the download)
• Windows 98 Second Edition
• Windows 98

More detailed technical information from Microsoft

• Windows XP
• Windows Millenium
• Windows 98 & 98SE