Reverend
February 10th, 2004, 21:43 PM
A security vulnerability exists in the Windows Internet Naming Service (WINS). This vulnerability exists because of the method that WINS uses to validate the length of specially-crafted packets. On Windows Server 2003 this vulnerability could allow an attacker who sent a series of specially-crafted packets to a WINS server to cause the service to fail. Most likely, this could cause a denial of service, and the service would have to be manually restarted to restore functionality.
Affected Software:
Microsoft Windows NT® Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Server Service Pack 2, Microsoft Windows 2000 Server Service Pack 3, Microsoft Windows 2000 Server Service Pack 4
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition
:arrow: View: Microsoft Security Bulletin MS04-006 (http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-006.asp) (includes download locations)
:arrow: Source: Microsoft Security (http://www.microsoft.com/security/)
Affected Software:
Microsoft Windows NT® Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Server Service Pack 2, Microsoft Windows 2000 Server Service Pack 3, Microsoft Windows 2000 Server Service Pack 4
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition
:arrow: View: Microsoft Security Bulletin MS04-006 (http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-006.asp) (includes download locations)
:arrow: Source: Microsoft Security (http://www.microsoft.com/security/)