Microsoft Posts "Critical" Windows XP Patch

Microsoft Corp. posted a "critical" security patch for Windows XP today, and a digital security outfit called eEye claimed credit for finding the "major vulnerabilities" in the new OS that allows an attacker to gain system level access. Redmond, Wash.-based Microsoft posted on its site that the impact of the vulnerability is to allow someone to "run code of attacker's choice." Microsoft stock was falling after word of the security flaw surfaced. It was down $1.93 at about 2:30, to $67.56. Furthermore, Microsoft said that "customers using Windows 98, 98SE or ME should also apply the patch if the Universal Plug and Play service is installed and running." The patch can be found here. Aliso Viejo, Calif.-based eEye Digital Security put out a press release "announcing the discovery of major security vulnerabilities in Microsoft's UPNP (Universal Plug and Play) Service. The company said that Windows XP, by default, ships with a UPNP Service that can be used to detect and integrate with UPNP-aware devices. eEye said it alerted Microsoft's security team immediately upon discovery of the vulnerability and has worked closely with Microsoft on the patch and on alerting administrators worldwide.