On CBS.com: Sat Night Fights Returns to CBS 11/7 9pm
BNET Business Network:
BNET
TechRepublic
ZDNet

August 19th, 2009

Microsoft WINS vulnerability under attack

Posted by Ryan Naraine @ 12:09 pm

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Data theft, Exploit code, Locally Running Web Servers, Malware, Microsoft, Passwords, Patch Watch, Pen testing, Responsible disclosure, Spyware and Adware, Viruses and Worms, Vulnerability research

Tags: Vulnerability, WINS, Microsoft Corp., Attack, Security, Ryan Naraine

Just one week after Microsoft issued a fix for a worm hole in the Windows Internet Name Service (WINS), malicious hackers have started launching attacks against unpatched systems.

The attacks, first spotted by the SANS Internet Storm Center, are hitting Microsoft Windows users who have not yet applied the MS09-039 update.

[ SEE: Microsoft: Exploits likely for 'critical' Windows vulnerabilities ]

The MS09-039 update, released earlier this month on Patch Tuesday, is rated “critical” and Microsoft warned at the time that it expected to see dangerous exploit code within 30 days.

According to SANS ISC (see chart), there has been a sharp spike in Internet activity associated with TCP Port 42 in recent days.   The vulnerability in question allows remote code execution attacks via specially crafted WINS replication packet to an affected system running the WINS service.

According to the IDG News Service, the attacks are originating from IP addresses in China.

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 28 Talkback(s)
You are correct...
...about the later. NonZ is suspected by many on this site to be the guy who replaces the artwork in Xanadu (Gates' mansion).

(If this made no sense to you, when you enter Xanadu you are given... (Read the rest)
Posted by: 914four Posted on: 08/26/09 You are currently: a Guest | | Terms of Use
That's really dangerous  NonZealot | 08/19/09
Since when is WINS installed by default?  s_southern | 08/19/09
So...  zkiwi | 08/19/09
2000...  s_southern | 08/20/09
Lucky you...  zkiwi | 08/20/09
give his usual postings  kaninelupus | 08/26/09
LMAO, NZ  CrashPad | 08/19/09
LOL  Been_Done_Before | 08/19/09
Did you happen to notice...  jasonp@... | 08/21/09
Another victim...  914four | 08/26/09
He's a Microsoft troll trying to be facetious. [nt]  olePigeon | 08/24/09
It's no worse... or better...  ShadowGIATL | 08/24/09
That's really dangerous  GASGTO73@... | 08/24/09
Useless babble?  murdock@... | 08/24/09
re Useless babble?  GASGTO73@... | 08/24/09
Blah, Blah, Blah...  Onideus_Mad_Hatter | 08/25/09
the hamster died  pcguy777 | 08/24/09
Really Dangerous?  cerving | 08/25/09
You are correct...  914four | 08/26/09
RE: Microsoft WINS vulnerability under attack  larry@... | 08/19/09
RE: Microsoft WINS vulnerability under attack  Loverock Davidson | 08/19/09
RE: Microsoft WINS vulnerability under attack  twaynesdomain | 08/20/09
RE: Microsoft WINS vulnerability under attack  rvandaley@... | 08/24/09
OMG UR WRIGHT!!!  Onideus_Mad_Hatter | 08/25/09
RE: Microsoft WINS vulnerability under attack  jetsethi | 08/25/09
Well Considering The Population Of The Internet  Onideus_Mad_Hatter | 08/25/09
RE: Microsoft WINS vulnerability under attack  sirpaul1 | 08/25/09
Yeah, It's Always Great  Onideus_Mad_Hatter | 08/25/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

Meet Doc