Tuesday, August 16, 2022

Microsoft investigates Windows Server flaw

Microsoft Corp. is investigating a security flaw in Windows server software that could allow an attacker to gain complete control over systems running the software, the company said.

The flaw lies in the Windows Internet Name Service (WINS), a network infrastructure component in Windows NT Server 4.0, Windows 2000 Server and Windows Server 2003. WINS provides a distributed database for registering and querying dynamic computer name-to-IP address mapping in a routed network.

Windows 2000 Professional, Windows XP and Windows Millennium Edition also contain WINS but are not affected by this security issue, Microsoft said.

By default, WINS is installed only on the Small Business Server editions of Windows 2000 Server and Windows Server 2003, according to Microsoft. However, in both cases WINS is available only on the local network and not from the Internet, the vendor said in an article on its Web site that described the problem.

Microsoft plans to offer an update to protect against this flaw as part of its monthly update cycle. Meanwhile, the vendor advises users to protect their systems by blocking TCP port 42 and UDP port 42 on their firewall, removing WINS if it is not needed or using IPSec (Internet Protocol Security) to protect traffic between WINS servers.

As of last Friday, Microsoft had not received reports of any successful attacks against customers as a result of this vulnerability, the company said.

Details of the WINS flaw were first published last Friday on the BugTraq mailing list by security company Immunity Inc.

More information on the flaw and Microsoft’s temporary fix can be found at: http://support.microsoft.com/kb/890710

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Related Tech News

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.