News

WINS Exploit Posted

Security experts are warning users to lock down unused ports after an exploit surfaced for an unpatched flaw in Microsoft WINS.

"There is some activity with irresponsible released exploits against WINS. As a precaution [until] Microsoft gets a chance to release a patch for it, we can only reiterate the urgent and continued need to make sure you block the unneeded ports in your firewalls (either the XP2 or the corporate firewall)," the SANS Insitute handler on duty wrote in the security training company's daily security diary on Sunday.

Candidate ports for lockdown are port 42, 137-139 and 445, both TCP and UDP.

While it's unclear how big of a threat the vulnerability poses, the existence of exploit code makes the issue worth taking seriously. Microsoft's next Patch Tuesday, the day each month when the company releases all of its security patches, doesn't fall until Dec. 14.

A Microsoft spokesperson said, "Microsoft is currently already working on providing an update to address this vulnerability as part of our normal monthly update process. As soon as this update has reached an appropriate level of quality so that customers may deploy it with confidence, Microsoft will provide the update through Windows Update, either through the monthly release process or as an out-of-band update depending on quality and customer needs."

WINS stands for Windows Internet Naming Service. The service translates NetBIOS names, the easily remembered Windows machine names, to corresponding IP addresses. Microsoft has been phasing the technology out since launching Windows 2000, but the service remains fairly common.

The Microsoft spokesperson noted that WINS is not enabled by default and isn't normally configured on Internet facing servers. The spokesperson said Microsoft has not been made aware of any active exploits or customer impacts so far.

Microsoft has a Knowledge Base article (890710) about the issue at http://support.microsoft.com/kb/890710.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Offers Support Extensions for Exchange 2016 and 2019

    Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Notebook

    Microsoft Centers AI, Security and Partner Dogfooding at MCAPS

    Microsoft's second annual MCAPS for Partners event took place Tuesday, delivering a volley of updates and directives for its partners for fiscal 2026.

  • Microsoft Layoffs: AI Is the Obvious Elephant in the Room

    As Microsoft doubles down on an $80 billion bet on AI this fiscal year, its workforce reductions are drawing scrutiny over whether AI's ascent is quietly reshaping its human capital strategy, even as official messaging avoids drawing a direct line.