Tuesday, December 07, 2004

WINS Security Issue

Bad things happen. Very bad things happen when a widely-used piece of software can be buffer overflowed. This time it is WINS. Microsoft is still investigating the problem, but you can protect yourself by following the steps in the 890710 KB. Unfortunately, they only have suggestions, both being hard to implement: Block TCP/UDP port 42 and open it for your replication partners or get rid of WINS (as if that was easy).
Currently, there are no known incidents - and maybe WINS servers are too few worth attacking. If you do not implement one of the suggestions - after you have considered the situation carefully - at least follow the situation in the press and be ready to take action.

1 comment:

Anonymous said...

The KB article you've linked to has been updated with some scripts that *should* make it easier to block required ports on WINS servers.

Blocking everything you're not specifically wanting to publish at the edge is a standard security practice; mitigating potential attacks by internal clients is the focus of the article.

Cheers,
Tristank
blogs.msdn.com/tristank/