A security flaw in Windows server software that could allow an attacker to gain complete control of systems running the software is being investigated by Microsoft.
The flaw lies in the Windows Internet Name Service (Wins), a network infrastructure component in Windows NT Server 4.0, Windows 2000 Server and Windows Server 2003.
Wins provides a distributed database for registering and querying dynamic computer name-to-IP address mapping in a routed network.
Windows 2000 Professional, Windows XP and Windows Millennium Edition also contain Wins but are not affected by this security problem, Microsoft said.
By default, Wins is installed only on the Small Business Server editions of Windows 2000 Server and Windows Server 2003, although in both cases Wins is available only on the local network and not from the internet.
Microsoft plans to offer an update to protect against this flaw as part of its monthly update cycle. Meanwhile, it advises users to protect their systems by blocking TCP port 42 and UDP port 42 on their firewalls, removing Wins if it is not needed or using IPSec (Internet Protocol Security) to protect traffic between Wins servers.
More information on the flaw and a temporary fix can be found at Microsoft's support website.
Joris Evers writes for IDG News Service