Installation package: Q269239.exe
This update resolves the "NetBIOS Name Server Protocol Spoofing" security vulnerability in some Windows-based networks. By installing this update you can prevent a malicious user from misusing the Name Conflict and Name Release mechanisms that are part of Windows Internet Name Service (WINS). If this vulnerability is exploited, Windows 2000 and Windows NT® 4.0 computers are unable to register a name on the network, or they can lose their current name registration, making these computers unavailable as network resources.The NetBIOS Name Server (NBNS) protocol, part of the NetBIOS over TCP/IP (NBT) family of protocols, is implemented in Windows systems as the Windows Internet Name Service (WINS). By design, NBNS allows network peers to assist in managing name conflicts. Also by design, it is an unauthenticated protocol and therefore subject to spoofing. Depending on the scenario, the computer would, as a result, either be unable to register a name on the network, or would relinquish a name it already had registered. The result in either case would be the same: the computer would not respond to requests because of the conflicted name.
For more information on this vulnerability, please read Microsoft Security Bulletin MS00-047. (This site is in English.)
Last Updated: October 03, 2000
© 2000 Microsoft Corporation. All rights reserved. Terms of use.