Download Index

In-Depth Reviews

Tips & Tutorials

Updates

News

Browsers

Chat / Conferencing

Desktop Utilities

Development

Internet Apps

Multimedia

OS Service Packs

Productivity Tools

Download of the day • Internet Explorer 8

Most Popular Software Downloads • Opera • Internet Explorer 7 • QuickTime for Windows • Winamp • Mozilla Firefox 3 • Ad-Aware 2008 Free • Adobe Flash Player • Paint Shop Pro • Adobe Shockwave Player • AVG Anti-Virus Free • 7-Zip Most Popular Software Articles • Windows Vista Tips & Tricks, Part 1 • Windows Vista: Worthy of the Hype? • Windows Wireless Zero Configuration: Five Steps to Sanity

Hackers After Patched WINS Servers
Hackers Seek Holes in Already Patched Vulnerability
Sean Michael Kerner

According to the Internet Storm Center (ISC) at the SANS Institute, hackers are trying to exploit an already patched Microsoft WINS Server vulnerability.

Microsoft patched the WINS Server Vulnerability in its MS04-45 security bulletin on Dec. 14. According to the bulletin, the Name Validation Vulnerability could allow an attacker to exploit the vulnerability by constructing a malicious network packet that could potentially allow remote code execution on an affected system.

However, the ISC and others are still recording hacker probes attempting to discover unpatched systems.

The ISC noted on its site that it had seen a "marked increase" since Dec. 31 in port scans directed at WINS services (usually port 42 on tcp). The Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) at Indiana University has also reported an increase in port 42 scanning since Dec. 31, with traffic exceeding 5000 packets every 15 minutes on Jan 1.

"So, if you have not patched your WINS servers in your respective companies or campuses, beware," ISC handler Scott Fendley wrote in a post. "Patching these systems is now overdue. Additionally, WINS services probably should not cross your border router. So please block these ports and keep the rif-raf out in case your local Windows Server Admins have not patched for this over the holidays."

A Microsoft spokesperson confirmed that the company is aware of the situation, though it downplayed the potential threat.

"One thing in particular is that WINS Servers are not meant to be Internet-facing, so any attack against WINS Server would be pretty limited," the spokesperson explained. "However, we're still really encouraging people to apply the update."

WINS is a network infrastructure that is often used by enterprises for name registration and name resolution. The WINS Server Vulnerability was first detected at the beginning of December. Before the patch was issued Microsoft recommended that network administrators block TCP and UDP ports 42 at the firewall or to remove WINS outright if it wasn't needed.

News courtesy of internetnews.com

January 6, 2005

View All Microsoft Service Packs

Contents:
1. Hackers Seek Holes in Already Patched Vulnerability