Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Microsoft Patches WINS Vulnerability, Plugs Three Holes In SP2

Microsoft on Tuesday laid out five new security bulletins, including three that address problems in Windows XP Service Pack 2 (SP2), the massive security update rolled out in October, and one that fixes a vulnerability made public several weeks ago.

All of the issues in Windows cited Tuesday, however, were ranked by the Redmond, Wash.-based developer as merely "Important," the company's second-highest threat rating in its four-step system. Microsoft's recommendation for such bulletins is that customers "install the update at the earliest opportunity."

"The most serious is the WINS vulnerability," said Oliver Friedrichs, the senior manager of Symantec's security response team. "It's the one that could lead to the most attacks because it was the one which was really out there [in public]."

That fix addresses a vulnerability in Windows NT, 2000, and Server 2003 that was publicized in late November by security organizations like Secunia and the SANS Institute's Internet Storm Center. The WINS component is often used by enterprises for name registration and name resolution functions.

At the time, some security professionals blasted the independent researcher for going public with his information before a patch was available, with the Storm Center calling the practice "irresponsible."

  • 1