The flaw affects all versions of Windows Server, from NT through 2003 64-bit. Fortunately, Microsoft has a fix, and you�d better install it fast. According to SANS� Internet Storm Center, Internet watchers are reporting spikes in port 22 traffic � a pretty clear indication of attempts to subvert WINS, which is normally a LAN-only protocol.

A hacker exploits the flaw by sending a specially-crafted malicious packet to a WINS server. Although WINS servers are typically not Internet-accessible, they are still vulnerable to inside attacks launched by viruses. And some people have unwittingly exposed their WINS servers to the Internet, which is why hackers are diligently scanning the Internet right now looking for them. Once the hacker finds a vulnerable server, she can take it over completely.

Even if you�re currently on Active Directory, you should install this fix, to forestall problems should somebody inadvertently enable WINS on one of your servers. Indeed, many shops are running WINS without knowing it; it�s installed and enabled by default on Windows 2000 Server and Windows Server 2003.

Windows Server 2003 is slightly less vulnerable to takeover than 2000, but only because it usually crashes when attacked by this exploit. If it crashes three times in a row, it shuts down permanently until you manually restart it. So this exploit doubles as a Denial of Service attack.

One can only wonder that Microsoft rates this merely an �Important�, rather than �Critical�, alert.

Microsoft�s security bulletin MS04-045 is at:

http://www.microsoft.com/technet/security/bulletin/MS04-045.mspx

The SANS Internet Storm Center is at:

http://isc.sans.org/