Windows

    Windows XP Security Patch: Unchecked Buffer in UPnP Can Lead to System Compromise

    Select Language:
    This update resolves the “Unchecked Buffer in Universal Plug and Play Can Lead to System Compromise” security vulnerability in Windows XP. Download now to prevent a malicious user from compromising your computer, or using it to interfere with another computer's operation.
    • Version:

      1

      File Name:

      Q315000_WXP_SP1_x86_ENU.exe

      Date Published:

      12/19/2001

      File Size:

      586 KB

      KB Articles: KB315000

      Security bulletins:MS01-054

        This update resolves the “Unchecked Buffer in Universal Plug and Play Can Lead to System Compromise” security vulnerability in Windows XP. Download now to prevent a malicious user from compromising your computer, or using it to interfere with another computer's operation. The vulnerability results because the Windows XP Universal Plug and Play feature does not correctly validate inputs before using them. The patch also eliminates the vulnerability discussed in Microsoft Security Bulletin MS01-059.
    • Supported Operating System

      Windows XP

        • Windows XP Professional
        • Windows XP Home Edition
        1. Click the Download button on this page to start the download, or choose a different language from the drop-down list and click Go.
        2. Do one of the following:
          • To start the installation immediately, click Open or Run this program from its current location.
          • To copy the download to your computer for installation at a later time, click Save or Save this program to disk.
      • Who should read this bulletin: Customers using Microsoft Windows XP Professional or Home Edition, or who have installed the Windows XP Internet Connection Sharing client on Windows 98 or 98SE.

        Impact of vulnerability: Run code of attacker’s choice.

        Maximum Severity Rating: Critical

        Recommendation: Microsoft strongly urges all Windows XP customers to apply the patch immediately. Customers using Windows 98, 98SE or ME should apply the patch if Universal Plug and Play support is installed and running.

        Affected Software:
        • Microsoft Windows 98
        • Microsoft Windows 98SE
        • Microsoft Windows Me
        • Microsoft Windows XP

    Popular downloads

      • 01

        DirectX End-User Runtime Web Installer

        The Microsoft DirectX® End-User Runtime provides updates to 9.0c and previous versions of DirectX — the core Windows® technology that drives high-speed multimedia and games on the PC.

      • 02

        Malicious Software Removal Tool

        This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

      • 03

        Microsoft Security Essentials

        Microsoft Security Essentials provides real-time protection for your home or small business PC that guards against viruses, spyware, and other malicious software.

      • 04

        Windows 7 Upgrade Advisor

        Download and run the Windows 7 Upgrade Advisor to see if your PC is ready for Windows 7. It scans your hardware, devices, and installed programs for known compatibility issues, gives you guidance on how to resolve potential issues found, and recommends what to do before you upgrade.

    Loading your results, please wait...

    Free PC updates

    • Security patches
    • Software updates
    • Service packs
    • Hardware drivers

    Microsoft Suggests

    Sign up for OneDrive and get 15 GB of free online storage.
    OneDrive now comes with 15 GB of free online storage
    Get more space for all your photos, videos, and documents.
    Sign up now