Skip navigation

Multiple Vulnerabilities in Microsoft WINS

Reported December 14, 2004, by Microsoft


·         Microsoft Windows NT Server 4.0 Service Pack 6a

·         Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6

·         Microsoft Windows 2000 Server Service Pack 3 and Service Pack 4

·         Microsoft Windows Server 2003

Two new vulnerabilities exist in Microsoft WINS. The first vulnerability stems from a flaw in the way that WINS handles computer name validation.  The other vulnerability is in the way that WINS handles association context validation. An attacker could exploit these vulnerabilities by constructing a malicious network packet that could potentially allow remote code execution on an affected system.

Microsoft has released Security Bulletin MS04-045, "Vulnerability in WINS Could Allow Remote Code Execution (870763)," to address these vulnerabilities and recommends that affected users immediately apply the appropriate patch listed in the bulletin.

Discovered by Kostya Kortchinsky from CERT RENATER.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.