{"id":3132,"date":"2017-06-27T00:30:00","date_gmt":"2017-06-26T22:30:00","guid":{"rendered":"http:\/\/borncity.com\/win\/?p=3132"},"modified":"2024-10-05T18:57:34","modified_gmt":"2024-10-05T16:57:34","slug":"wins-is-legacy-vulnerable-and-should-not-be-deployed","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2017\/06\/27\/wins-is-legacy-vulnerable-and-should-not-be-deployed\/","title":{"rendered":"WINS is legacy and vulnerable, use DNS instead"},"content":{"rendered":"

[German<\/a>]Today just a short note for Windows Administrators in enterprises. Windows Internet Name Service (WINS) is legacy and contains a vulnerability. Therefore WINS should not be deployed anymore. Switch to DNS instead.<\/p>\n

<\/p>\n

WINS has a DoS vulnerability<\/h2>\n

\"\"A few days ago I've published a German blog post WINS-L\u00fccke in Windows Server bleibt ungepatcht<\/a> (unfortunately I missed to release an English version). Therefore here are the details in brief: Microsoft's implementation of Windows Internet Name Service (WINS) on Windows Server contains a Denial-of-Service vulnerability.<\/p>\n

Security researcher from Fortinet has published recently the article WINS Server Remote Memory Corruption Vulnerability in Microsoft Windows Server<\/a> with more details of the vulnerability. This vulnerability affects WINS server enabled as a role in Microsoft Windows Server 2008, 2012 and 2016. There is a memory corruption vulnerability, that can be used remotely by an attacker.<\/p>\n

\"WINS\"<\/a>
\n(Source: Fortinet)<\/p>\n

But this flaw requires, that WINS is activated on Windows Server as a role and has been configured.<\/p>\n

Microsoft won't patch this vulnerability<\/h2>\n

Fortinet's researcher reported this vulnerability to Microsoft in December 2016. Microsoft answered in June 2017:<\/p>\n

\u201ea fix would require a complete overhaul of the code to be considered comprehensive. The functionality provided by WINS was replaced by DNS and Microsoft has advised customers to migrate away from it.\"<\/p><\/blockquote>\n

So in short: Microsoft won't fix that issue and recommend to switch from WINS to Domain Name System (DNS).<\/p>\n

Well, there is an official Microsoft recommendation<\/h2>\n

Within a Google+ post<\/a> for my German readers I mentioned my blog post and asked, whether WINS is still alive in business environments. Reader Karl Heinz (Quamar) wrote back:<\/p>\n

My experience is, that many enterprises still are using WINS, especially, because <\/em>Microsoft hasn't published a recommendation to move from WINS to DNS(Sec)<\/em>.<\/p><\/blockquote>\n

Well, a few days later, Karl Heinz added a 2nd comment to my post, mentions, that there is a recommendation, dated 05\/19\/2017, from Microsoft, advising to deactivate WINS and move to DNS. Within this document<\/a> Microsoft wrote:<\/p>\n

Windows Internet Name Service (WINS) is a legacy computer name registration and resolution service that maps computer NetBIOS names to IP addresses.<\/p>\n

If you do not already have WINS deployed on your network, do not deploy WINS – instead, deploy Domain Name System (DNS). DNS also provides computer name registration and resolution services, and includes many additional benefits over WINS, such as integration with Active Directory Domain Services.<\/p>\n

If you have already deployed WINS on your network, it is recommended that you deploy DNS and then decommission WINS.<\/p><\/blockquote>\n

Well, there are no words about the WINS vulnerability I mentioned above. But the recommendation is clear: Deactivate legacy WINS and use Domain Name System (DNS).<\/p>\n

Similar articles:
\nSemi annual update channel for Windows Server 2016<\/a>
\nJune 2017 Patches causing Internet Explorer 11 printing issues<\/a>
\nJune 2017 security updates IE 11 printing issues confirmed<\/a>
\nFix KB4032782 for Internet Explorer 11 printing issues (June 2017)<\/a>
\nOutlook issues after June 2017 security updates<\/a>
\nMicrosoft Security Update Releases \u2013 CVE revisions<\/a>
\n32 TByte Leak with Windows 10 source code and more?<\/a>
\nMicrosoft closes critical vulnerability CVE-2017-8558 in Malware Protection Engine (June 23, 2017)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

[German]Today just a short note for Windows Administrators in enterprises. Windows Internet Name Service (WINS) is legacy and contains a vulnerability. Therefore WINS should not be deployed anymore. Switch to DNS instead.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,2],"tags":[907,65,69,86,194,906],"class_list":["post-3132","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","tag-dns","tag-microsoft","tag-security","tag-vulnerability","tag-windows","tag-wins"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/3132","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=3132"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/3132\/revisions"}],"predecessor-version":[{"id":35663,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/3132\/revisions\/35663"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=3132"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=3132"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=3132"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}