Microsoft: WINS Patch Coming

Microsoft said it plans to issue a patch for a security flaw in Windows Server software that may allow attackers to gain control over systems running the program.

While it readies the fix as part of its usual monthly patch cycle, which takes place the second Tuesday of each month, Microsoft suggested that customers take some measures to protect themselves, such as blocking potentially vulnerable ports.

The vulnerability, reported by security firm Immunity Inc., was discovered in Windows
Internet Name Service (WINS). It makes it possible for an attacker to gain access to an organization’s WINS server from a remote location.

Danish security firm Secunia said the vulnerability is due to an error during the handling of replication packets. The flaw can be exploited to write 16 bytes to an arbitrary memory location by
sending specially crafted WINS replication packets to a vulnerable server.

Secunia labeled the flaw as “moderately critical.”

WINS, a network infrastructure component installed only on the Small Business Server
Editions of Windows NT Server 4.0, Windows 2000 Server and Windows Server 2003, is often
used by enterprises for name registration and name resolution.

Microsoft has recommended that network administrators remove WINS if it’s not needed,
and/or block TCP and UDP ports 42 at the firewall.

However, it may be impossible to disable the component without impacting the network,
said Microsoft.

Windows 2000 Professional, Windows XP, and Windows Millennium Edition also contain WINS
but are not affected by this security issue, Microsoft said.

As of Friday, Microsoft had not received reports of any successful attacks against
customers as a result of this vulnerability.