Check Point Advisories

Microsoft WINS Denial Of Service (CVE-2003-0825)

Check Point Reference: CPAI-2004-111
Date Published: 6 Jun 2010
Severity: High
Last Updated: Tuesday 08 August, 2023
Industry Reference:CVE-2003-0825
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?
Vulnerability Description The Windows Internet Name Service (WINS) provides a distributed database for the registering and querying of dynamic mappings of NetBIOS names to IP addresses. A WINS server accepts registration requests from hosts on the network and stores the received information in its database. There exists a vulnerability in the WINS service, which is included on most installations of Microsoft server operating systems from Windows NT 4.0 up. The WINS service which is included on most installations of Microsoft server operating systems from Windows NT 4.0 up, is vulnerable to a Denial of Service from a remote attacker. It may be possible to perform a remote code execution attack using this vulnerability. It is expected that a vulnerable WINS service would terminate upon receiving the malformed packets, denying service to all WINS users. By default, the service will restart the first three times it has been terminated. However, the server will be permanently terminated after the fourth exploit attempt. After the server has been terminated four times, the server requires that an administrator restart the service manually for service to continue.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R81 / R80 / R77 / R75

  1. In the IPS tab, click Protections and find the Microsoft WINS Denial Of Service protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Application Servers Protection Violation.
Attack Information:  Microsoft WINS Denial Of Service

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.