Windows Servers Vulnerable to Takeover through WINS



A flaw in the Windows Internet Name Service (WINS) in Windows NT Server 4.0, Server 2000, and Server 2003 creates a security hole that would allow a cracker to gain full control over the network server, thereby putting corporate data at risk.

WINS is a network component that manages a distributed database of network stations by mapping computer names and IP addresses across a routed network. While other versions of Microsoft Windows include support for WINS, only the server versions are currently known to be infected, according to Microsoft.

Microsoft will patch this security flaw as part of it’s scheduled monthly update.

Dave’s Comment
This is a serious security issue. Until an update is released, network administrators can secure their systems by blocking their firewall’s TCP and UDP ports 42 and either removing WINS or using IPsec to secure the network traffic.

Call for Comments
What do you think? Leave your comments below.

References
Microsoft Security

About Todd Cochrane

Todd Cochrane is the Founder of Geek News Central and host of the Geek News Central Podcast. He is a Podcast Hall of Fame Inductee and was one of the very first podcasters in 2004. He wrote the first book on podcasting, and did many of the early Podcast Advertising deals in the podcasting space. He does two other podcasts in addition to Geek News Central. The New Media Show and Podcast Legends.