posted on Wednesday, December 01, 2004 8:21 PM by bradley

We may have WINS but we don't have an issue

You may have heard of a security issue with WINS and the original bulletin forgot that we install WINS on our SBS boxes.  Remember though the previous post about how “if the port is open” ...well the vulnerability ONLY exists if port 42 on your server is open to the outside.  Trust me.  Unless you are really really really stupid... you didn't open port 42.  The SBS connect to the Internet wizard doesn't open it and you'd have to manually open it.  You'd remember if you did.

If you don't believe me go to the Shields up/Ports up website and do a scan of your system. Click proceed, then “all service ports”.  You should see green for most of those ports and ONLY have open ports where you intend to have them open.

Bottom line.. we don't have an issue with WINS and don't unistall it!!  Roll over and go back to sleep.

Comments

# re: We may have WINS but we don't have an issue

Wednesday, December 01, 2004 11:19 PM by Martin P.
Susan,

You crack me up. I shall roll over now, and Go Back To Sleep.

Thanks for your site. I am really getting into SBS and your site is one I check EVERY day.

Thanks so much!

Martin P.
Anchorage, Alaska

# re: We may have WINS but we don't have an issue

Friday, December 03, 2004 8:20 AM by Wes Kendall
I think it may eventually be an issue if someone writes an executable that uses this exploit and then sends it to users via email.

Of course, once an exploit gets on your LAN, there isn't much that you can do about it except to make sure that you're patched against it.