[ISN] Microsoft downplays Server bug threat, say researchers

From: InfoSec News <alerts_at_private>
Date: Wed, 11 May 2011 03:09:45 -0500 (CDT)

By Gregg Keizer
May 10, 2011

Microsoft is downplaying the threat posed by one of the three bugs the 
company patched today, said security researchers.

The update in question, MS11-035, patches a single vulnerability in WINS 
(Windows Internet Name Service), a component in every supported edition 
of Windows Server, including Server 2003, 2008 and the newest, Server 
2008 R2.

Attackers could exploit the WINS bug by crafting a malicious data 
packet, then shooting it at a vulnerable Windows Server box.

What irked researchers is that although Microsoft rated the bug as 
"critical," the company's highest threat ranking, it also pointed out 
that WINS is not installed by default, citing that as a mitigation 


Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
Received on Wed May 11 2011 - 01:09:45 PDT

This archive was generated by hypermail 2.2.0 : Wed May 11 2011 - 01:16:29 PDT