|
|
If you haven't already, apply this patch now
Jan 05 2005-Here's another heads up for anybody running Windows Internet Naming Services, or WINS.
Hackers are stepping up their search for unpatched servers, SANS, in their Internet Storm Center, has stated today that they have seen a huge rise in probes on TCP port 42 and UDP port 42, the ports used by WINS.
Microsoft has not released a patch, but have released info on how to block specific network protocols and ports by using IPSec, here, or you can download a script that will create the ipsec policy for you, here. The easiest solution ofcourse is to just turn off WINS if it is not needed.
How to help protect against a WINS security issue We are investigating reports of a security issue with Microsoft Windows Internet Name Service (WINS). This security issue affects Microsoft Windows NT Server 4.0, Microsoft Windows NT Server 4.0 Terminal Server Edition, Microsoft Windows 2000 Server, and Microsoft Windows Server 2003. This security issue does not affect Microsoft Windows 2000 Professional, Microsoft Windows XP, or Microsoft Windows Millennium Edition.
By default, WINS is not installed on Windows NT Server 4.0, Windows NT Server 4.0 Terminal Server Edition, Windows 2000 Server, or Windows Server 2003. By default, WINS is installed and running on Microsoft Small Business Server 2000 and Microsoft Windows Small Business Server 2003. By default, on all versions of Microsoft Small Business Server, the WINS component communication ports are blocked from the Internet, and WINS is available only on the local network.
This security issue could make it possible for an attacker to remotely compromise a WINS server if one of the following conditions is true: • You have changed the default configuration to install the WINS server role on Windows NT Server 4.0, Windows NT Server 4.0 Terminal Server Edition, Windows 2000 Server, or Windows Server 2003. • You are running Microsoft Small Business Server 2000 or Microsoft Windows Small Business Server 2003, and an attacker has access to your local network.
Flaw opens crack in Windows servers A flaw in popular Windows server software could allow remote attacks to be launched against systems, Microsoft has confirmed.
The vulnerability is in Windows Internet Name Service, or WINS, a network infrastructure component of server products such as Windows NT 4.0 Server, Windows 2000 Server and Windows Server 2003, Microsoft said Tuesday. The company has issued a temporary work-around for the problem while it works on an update to fix the vulnerability.
Hackers step up search for unpatched servers Network administrators who have failed to patch their systems against the Microsoft Windows Internet Naming Service vulnerability are now at much greater risk of attack.
|
