Windows flaw exposes servers to attack


Windows flaw exposes servers to attack

A security flaw in Windows server software that could allow an attacker to gain complete control of systems running the software is being investigated by Microsoft.

The flaw lies in the Windows Internet Name Service (Wins), a network infrastructure component in Windows NT Server 4.0, Windows 2000 Server and Windows Server 2003.

Wins provides a distributed database for registering and querying dynamic computer name-to-IP address mapping in a routed network.

Windows 2000 Professional, Windows XP and Windows Millennium Edition also contain Wins but are not affected by this security problem, Microsoft said.

By default, Wins is installed only on the Small Business Server editions of Windows 2000 Server and Windows Server 2003, although in both cases Wins is available only on the local network and not from the internet.

Microsoft plans to offer an update to protect against this flaw as part of its monthly update cycle. Meanwhile, it advises users to protect their systems by blocking TCP port 42 and UDP port 42 on their firewalls, removing Wins if it is not needed or using IPSec (Internet Protocol Security) to protect traffic between Wins servers.

More information on the flaw and a temporary fix can be found at Microsoft's support website.

Joris Evers writes for IDG News Service

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy