New WINS Attacks Predicted

Almost a month after Microsoft released a fix for a security issue in the WINS (Windows Internet Name Service) name server, malicious exploits continue to haunt tardy network administrators.

According to an alert from the SANS ISC (Internet Storm Center), there has been a startling increase in hacker probes directed at TCP port 42 and UDP 42, which handle WINS services.

"If you have not patched your WINS servers in respective companies or campuses, beware. Patching these systems is now overdue," the center warned.

Last month, Microsoft released the MS04-045 patch with a warning that a successful exploit could take complete control of an affected system, including installing programs; viewing, changing or deleting data; or creating new accounts that have full privileges.

The vulnerability, first detected last November, occurs in the way the WINS server handles computer name validation and association context validation.

WINS is a NetBIOS name server used to determine the IP address associated with a particular network computer.

Source: http://www.eweek.com/article2/0,1759,1748222,00.asp