WINS Exploit Posted -- Redmond Channel Partner

WINS Exploit Posted

By Scott Bekker
November 29, 2004

Security experts are warning users to lock down unused ports after an exploit surfaced for an unpatched flaw in Microsoft WINS.

"There is some activity with irresponsible released exploits against WINS. As a precaution [until] Microsoft gets a chance to release a patch for it, we can only reiterate the urgent and continued need to make sure you block the unneeded ports in your firewalls (either the XP2 or the corporate firewall)," the SANS Insitute handler on duty wrote in the security training company's daily security diary on Sunday.

Candidate ports for lockdown are port 42, 137-139 and 445, both TCP and UDP.

While it's unclear how big of a threat the vulnerability poses, the existence of exploit code makes the issue worth taking seriously. Microsoft's next Patch Tuesday, the day each month when the company releases all of its security patches, doesn't fall until Dec. 14.

A Microsoft spokesperson said, "Microsoft is currently already working on providing an update to address this vulnerability as part of our normal monthly update process. As soon as this update has reached an appropriate level of quality so that customers may deploy it with confidence, Microsoft will provide the update through Windows Update, either through the monthly release process or as an out-of-band update depending on quality and customer needs."

WINS stands for Windows Internet Naming Service. The service translates NetBIOS names, the easily remembered Windows machine names, to corresponding IP addresses. Microsoft has been phasing the technology out since launching Windows 2000, but the service remains fairly common.

The Microsoft spokesperson noted that WINS is not enabled by default and isn't normally configured on Internet facing servers. The spokesperson said Microsoft has not been made aware of any active exploits or customer impacts so far.

Microsoft has a Knowledge Base article (890710) about the issue at http://support.microsoft.com/kb/890710.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Free Webcast! Learn about Password Management Best Practices

Featured

Microsoft CSPs To Start Selling Windows 10 ESU this Fall

Organizations that want to extend the life of their Windows 10 PCs can begin buying extension plans from Microsoft's Cloud Solution Provider (CSP) partners on Sept. 1.
2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.
Microsoft Gives Security Partners First Dibs at New Windows Security Platform

Microsoft is readying a new "Windows endpoint security platform" as part of its Windows Resiliency Initiative (WRI).
Microsoft Cements Lead in Increasingly AI-Centric Security Analytics

Forrester has singled out Microsoft as the leading cloud hyperscaler in the increasingly AI-driven field of enterprise security analytics.

RCP Update

Email Address*Country*

Please type the letters/numbers you see above.

WINS Exploit Posted

Featured

Microsoft CSPs To Start Selling Windows 10 ESU this Fall

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft Gives Security Partners First Dibs at New Windows Security Platform

Microsoft Cements Lead in Increasingly AI-Centric Security Analytics

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft CSPs To Start Selling Windows 10 ESU this Fall

TCS Expands Microsoft Integration To Drive AI, Cloud Adoption

SoftwareOne Finalizes Crayon Acquisition, Deal To Close in Weeks

Channel Veteran Dan Wensley Named GTIA CEO

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft CSPs To Start Selling Windows 10 ESU this Fall

TCS Expands Microsoft Integration To Drive AI, Cloud Adoption

SoftwareOne Finalizes Crayon Acquisition, Deal To Close in Weeks

Channel Veteran Dan Wensley Named GTIA CEO

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to Office 365 Security Costs

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

FREE WEBCASTS FROM OUR SPONSORS

Seamless Transitions: Migrating Your VMware Workloads to Azure

Azure Virtual Desktop: The Smart Choice for Remote Work Success

Veeam Data Cloud for Microsoft 365

Mastering Cost Management in Azure

FREE WHITE PAPERS FROM OUR SPONSORS

The Easy Button eBook: Simplicity of SaaS-Based Backup for Microsoft 365

Unlock the benefits of Microsoft Azure partnership

How Retailers Can Overcome 7 Common Tax Compliance Challenges

Tax Challenges Affecting the Manufacturing Industry