Hackers step up search for unpatched servers

Organisations that have not patched their Microsoft servers against the WINS flaw need to act fast, says SANS
Written by Graeme Wearden, Contributor
Network administrators who have failed to patch their systems against the Microsoft Windows Internet Naming Service (WINS) vulnerability are now at much greater risk of attack.

The SANS Internet Storm Centre warned on Wednesday that it has detected a steep rise in probes directed at network ports handling WINS services over the past few days. It believes this is a sign that the vulnerability is being exploited by malicious hackers.

"If you have not patched your WINS servers in your respective companies or campuses, beware. Patching these systems is now overdue," said SANS.

According to statistics gathered by The Research and Education Networking Information Sharing and Analysis centre, this increase in activity began on 30 December, but became much greater on 1 January.

WINS, which is part of several Microsoft server products including NT 4.0 Server, Windows 2000 Server and Windows Server 2003, is used to identify the IP addresses of specific computers on a network.

Microsoft admitted back in December that WINS contained a flaw that could allow remote attacks to be launched against systems. Patches can be downloaded from the Microsoft Web site.

Editorial standards