Internet Security Systems Preemptively Protects Customers From Vulnerability in Microsoft Windows Internet Naming Service
Internet Security Systems Preemptively Protects Customers From Vulnerability in Microsoft Windows Internet Naming Service
ATLANTA, Nov. 30 /PRNewswire-FirstCall/ -- Internet Security Systems (ISS) (NASDAQ:ISSX) today announced that a vulnerability has been discovered in the Microsoft Windows Internet Naming Service (WINS). A WINS server is a Microsoft NetBIOS name server that eliminates the need for broadcast packets to resolve a NetBIOS computer name to an IP address. The vulnerability was discovered in the WINS server replication feature, which allows one or more WINS servers to exchange information with each other about the computers on their respective networks. By default, WINS is installed and running on Microsoft Small Business Server 2000 and on Microsoft Windows Small Business Server 2003. WINS is off by default on all other Microsoft server operating systems.
Organizations that have deployed ISS products or using ISS managed services are preemptively protected against all threats targeting this vulnerability.
Organizations not protected by ISS preemptive solutions should note:
An attacker who successfully exploits this vulnerability could take complete control of an affected system, including installing malicious programs; viewing, changing, or deleting confidential information; or further network compromise.
Affected Infrastructure:
By default, WINS is not installed on:
* Windows NT Server 4.0
* Windows NT Server 4.0 Terminal Server Edition
* Windows 2000 Server
* Windows Server 2003.
By default, WINS is installed and running on:
* Microsoft Small Business Server 2000
* Microsoft Windows Small Business Server 2003
On all versions of Microsoft Small Business Server, the WINS component communication ports are blocked from the Internet and WINS is available only on the local network.
Available Protection:
Microsoft is currently developing a patch for this vulnerability. To mitigate exposure, it is recommended that organizations block TCP port 42 and UDP 42 at the firewall. Organizations that do not need WINS are encouraged to remove it from their systems if it has been installed. WINS is not enabled by default on Microsoft server operating systems with the exception of Small Business Server 2000 and Small Business Server 2003.
For the complete listing of Microsoft's suggested steps to mitigate exposure, please visit: http://support.microsoft.com/kb/890710/EN-US/ .
The full ISS X-Force alert can be found at: http://xforce.iss.net/xforce/alerts/id/184 .
For more information on Internet Security Systems(TM) preemptive protection offerings, please visit: http://www.iss.net/proof/preemptiveprotection/ .
About Internet Security Systems, Inc.
Internet Security Systems, Inc. (ISS) is the trusted expert to global enterprises and world governments, providing products and services that protect against Internet threats. An established world leader in security since 1994, ISS delivers proven cost efficiencies and reduces regulatory and business risk across the enterprise for more than 11,000 customers worldwide. ISS products and services are based on the proactive security intelligence conducted by ISS' X-Force(R) research and development team - the unequivocal world authority in vulnerability and threat research. Headquartered in Atlanta, Internet Security Systems has additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. For more information, visit the Internet Security Systems Web site at http://www.iss.net/ or call 800-776-2362.
Internet Security Systems is a trademark and X-Force is a registered trademark of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners.
Source: Internet Security Systems, Inc.
CONTACT: Jeff Nessler, +1-404-236-3026, or jnessler@iss.net , or Kathryn
Quigley, +1-404-236-3691, or kquigley@iss.net , both of Internet Security
Systems, Inc.
Web site: http://www.iss.net/
http://support.microsoft.com/kb/890710/EN-US
http://xforce.iss.net/xforce/alerts/id/184
http://www.iss.net/proof/preemptiveprotection
-------
Profile: intent
0 Comments:
Post a Comment
<< Home