Many organizations rely on the Windows
Internet Naming Service (WINS) to help manage complex Windows
environments. WINS manages the association of workstation names and
locations with IP addresses, so the administrator doesn’t need to
make each configuration change.

In December of 2004, Microsoft confirmed
previously released information that this service includes a buffer
overrun flaw that can leave Windows servers–all versions,
including Windows NT–open to attack. In order for the attack to be
successful, the WINS service needs to be running.

Rated moderately critical, the flaw would
potentially allow an attacker to take control of a server and run
code of his or her choice. Microsoft recommends that users who don’t use WINS disable this service. If
you do use WINS, disable both TCP port 42 and UDP port 42 at the
perimeter firewall.

For more information about this issue, check
out Microsoft
Knowledge Base article 890710

Stay on top of the latest WS2K3 tips and tricks with our free Windows Server 2003 newsletter, delivered each Wednesday. Automatically sign up today!