Microsoft Announces WINS Exploit

KingFish

Warm up the mouse buttons, it's patch time again for Windows users. Microsoft has acknowledged a flaw in the Windows Internet Naming Service (WINS) that could allow an attack to be launched against the system.

All systems using WINS, which include NT 4.0, Windows 2000, and Windows Server 2003, are affected.

The attack takes the form of a buffer overflow, where the WINS server is sent messages too large for it to handle. By carefully crafting specific data packets, an attacker could exploit this to execute arbitrary code on an affected machine. Secunia currently rates this as a "moderately critical" vulnerability.

Microsoft issued a directive temporarily fixing the issue, but points out that WINS is no longer installed by default and very few organizations still use it. Microsoft's advice is to restrict traffic between WINS servers using IP security features built into Windows. Or, if you're not using WINS, just turn it off.

Source: GEEK.com

primesuspect

People use WINS still?

my god, SWITCH TO DNS, PEOPLE

mmonnin

I was going to say, WTF is it.

primesuspect

It was what NT4 and prior used for name resolution in Windows domains. One of the gigantic architectural changes between NT4 and NT5 (2000) was that Active Directory used DNS for name resolution, as opposed to WINS. It was one of the few "Forward Thinking" things that MS did, and made 2000 sort of "compatible" with the global internet.

QCH

primesuspect wrote:

People use WINS still?

my god, SWITCH TO DNS, PEOPLE

<font size=1 color=gray> <i> We still use it.... running three versions of Domains... NT4, W2K Domain, and Advanced W2003 domain... need WINS for a bit longer until we decommission our NT4 domain in a few months... With over 5000 Windows PC's and less than 100 Windows support people, experiments and DOE reviews... been a tough battle testing and then migrating from NT4 to W2K... </font></i>

Yeah... what he said.... :shakehead