Microsoft Confirms WINS Flaw

thumbnail Microsoft Confirms WINS Flaw

Microsoft Corp. has issued a workaround for a newly discovered security issue in WINS (Windows Internet Name Service) that could lead to malicious code execution. Just days after research outfit Immunity Inc. issued an advisory, Redmond confirmed that the WINS vulnerability could make it possible for an attacker to take control of a WINS server […]

Written By: Ryan Naraine
Nov 29, 2004
Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Microsoft Corp. has issued a workaround for a newly discovered security issue in WINS (Windows Internet Name Service) that could lead to malicious code execution.

Just days after research outfit Immunity Inc. issued an advisory, Redmond confirmed that the WINS vulnerability could make it possible for an attacker to take control of a WINS server remotely.

The issue affects Microsoft Windows NT 4.0 Server, Microsoft Windows NT Server 4.0 Terminal Server Edition, Windows 2000 Server, and Windows Server 2003.

Windows 2000 Pro, Windows XP and Windows Millennium Edition (ME) are not affected by this vulnerability, according to the company. By default, WINS is not installed on any versions of Microsoft Windows.

Secunia released a separate advisory with a “moderately critical” flaw rating.

WINS is a NetBIOS name server used to determine the IP address associated with a particular network computer. The flaw exists in the WINS replication feature that allows one or more WINS servers to exchange information with each other about the computers on their respective networks.

In a Knowledge Base article released Sunday, the software giant recommended that WINS users block TCP port 42 and UDP 42 at the firewall level.

“These ports are used to initiate a connection with a remote WINS server,” the article said. “Blocking these ports at the firewall will help prevent systems that are behind that firewall from being attacked by attempts to exploit this vulnerability. It is possible that other ports may be found that could be used to exploit this vulnerability.

“The ports that are listed are the most common attack vectors. We recommend blocking all incoming unsolicited communication from the Internet.”

Microsoft officials also said organizations that don’t need WINS should remove it from affected Windows systems. Detailed instructions for removing WINS is provided in the company’s workaround notice.

Click here to read about a flaw in Microsoft’s ISA Server that could allow an attacker to spoof trusted Internet content.

Affected customers should also consider using the IP Security protocol to secure traffic between WINS Server Replication Partners.

Microsoft said a full-fledged fix is in development and will be released as part of its monthly patching cycle.

It is the second time this year that Microsoft will be releasing a fix for WINS. In February, the company’s MS04-006 patch corrected a code-execution bug in the method used by WINS to validate the length of specially crafted packets.

Check out eWEEK.com’s for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer’s Weblog.

Recommended for you...

Trend Micro and Google Cloud Double Down on AI Security

The expanded alliance emphasizes AI-driven defenses, sovereign cloud capabilities, and new anti-scam protections for businesses worldwide.

Allison Francis
Jul 30, 2025
Arctera Updates Platform to Reduce AI Compliance Risks

Arctera updates Insight to help organizations capture, chronicle & contain AI data, easing compliance and unlocking insights from LLM interactions.

TA Wordpress
Jul 30, 2025
Channel Vet Frank Rauch Joining Morphisec in Advisory Role

Channel vet Frank Rauch joins Morphisec’s advisory board to boost MSSP strategy and partner growth with a prevention-first cybersecurity focus.

Jordan Smith
Jul 29, 2025
Azul Debuts Managed Services Program for Java-Focused Partners

Azul empowers MSPs with sublicensable Java insights, enabling code cleanup, vulnerability detection, and license compliance via Intelligence Cloud.

Jordan Smith
Jul 29, 2025
Channel Insider Logo

Channel Insider combines news and technology recommendations to keep channel partners, value-added resellers, IT solution providers, MSPs, and SaaS providers informed on the changing IT landscape. These resources provide product comparisons, in-depth analysis of vendors, and interviews with subject matter experts to provide vendors with critical information for their operations.

Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.