[German]Today just a short note for Windows Administrators in enterprises. Windows Internet Name Service (WINS) is legacy and contains a vulnerability. Therefore WINS should not be deployed anymore. Switch to DNS instead.
WINS has a DoS vulnerability
A few days ago I’ve published a German blog post WINS-Lücke in Windows Server bleibt ungepatcht (unfortunately I missed to release an English version). Therefore here are the details in brief: Microsoft’s implementation of Windows Internet Name Service (WINS) on Windows Server contains a Denial-of-Service vulnerability.
Security researcher from Fortinet has published recently the article WINS Server Remote Memory Corruption Vulnerability in Microsoft Windows Server with more details of the vulnerability. This vulnerability affects WINS server enabled as a role in Microsoft Windows Server 2008, 2012 and 2016. There is a memory corruption vulnerability, that can be used remotely by an attacker.
But this flaw requires, that WINS is activated on Windows Server as a role and has been configured.
Microsoft won’t patch this vulnerability
Fortinet’s researcher reported this vulnerability to Microsoft in December 2016. Microsoft answered in June 2017:
„a fix would require a complete overhaul of the code to be considered comprehensive. The functionality provided by WINS was replaced by DNS and Microsoft has advised customers to migrate away from it.“
So in short: Microsoft won’t fix that issue and recommend to switch from WINS to Domain Name System (DNS).
Well, there is an official Microsoft recommendation
Within a Google+ post for my German readers I mentioned my blog post and asked, whether WINS is still alive in business environments. Reader Karl Heinz (Quamar) wrote back:
My experience is, that many enterprises still are using WINS, especially, because Microsoft hasn’t published a recommendation to move from WINS to DNS(Sec).
Well, a few days later, Karl Heinz added a 2nd comment to my post, mentions, that there is a recommendation, dated 05/19/2017, from Microsoft, advising to deactivate WINS and move to DNS. Within this document Microsoft wrote:
Windows Internet Name Service (WINS) is a legacy computer name registration and resolution service that maps computer NetBIOS names to IP addresses.
If you do not already have WINS deployed on your network, do not deploy WINS – instead, deploy Domain Name System (DNS). DNS also provides computer name registration and resolution services, and includes many additional benefits over WINS, such as integration with Active Directory Domain Services.
If you have already deployed WINS on your network, it is recommended that you deploy DNS and then decommission WINS.
Well, there are no words about the WINS vulnerability I mentioned above. But the recommendation is clear: Deactivate legacy WINS and use Domain Name System (DNS).
Semi annual update channel for Windows Server 2016
June 2017 Patches causing Internet Explorer 11 printing issues
June 2017 security updates IE 11 printing issues confirmed
Fix KB4032782 for Internet Explorer 11 printing issues (June 2017)
Outlook issues after June 2017 security updates
Microsoft Security Update Releases – CVE revisions
32 TByte Leak with Windows 10 source code and more?
Microsoft closes critical vulnerability CVE-2017-8558 in Malware Protection Engine (June 23, 2017)