Windows flaw exposes servers to attack


Windows flaw exposes servers to attack

A security flaw in Windows server software that could allow an attacker to gain complete control of systems running the software is being investigated by Microsoft.

The flaw lies in the Windows Internet Name Service (Wins), a network infrastructure component in Windows NT Server 4.0, Windows 2000 Server and Windows Server 2003.

Wins provides a distributed database for registering and querying dynamic computer name-to-IP address mapping in a routed network.

Windows 2000 Professional, Windows XP and Windows Millennium Edition also contain Wins but are not affected by this security problem, Microsoft said.

By default, Wins is installed only on the Small Business Server editions of Windows 2000 Server and Windows Server 2003, although in both cases Wins is available only on the local network and not from the internet.

Microsoft plans to offer an update to protect against this flaw as part of its monthly update cycle. Meanwhile, it advises users to protect their systems by blocking TCP port 42 and UDP port 42 on their firewalls, removing Wins if it is not needed or using IPSec (Internet Protocol Security) to protect traffic between Wins servers.

More information on the flaw and a temporary fix can be found at Microsoft's support website.

Joris Evers writes for IDG News Service

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

COMMENTS powered by Disqus  //  Commenting policy