Hackers step up search for unpatched servers

Network administrators who have failed to patch their systems against the Microsoft Windows Internet Naming Service vulnerability are now at much greater risk of attack.

The SANS Internet Storm Center warned Wednesday that it has detected a steep rise in probes directed at network ports handling Windows Internet Naming Service (WINS) services over the past several days. SANS believes this is a sign that the vulnerability is being exploited by malicious hackers.

"If you have not patched your WINS servers in your respective companies or campuses, beware. Patching these systems is now overdue," said SANS.

According to statistics gathered by the Research and Education Networking Information Sharing and Analysis Center, the increase in activity began on Thursday but became much greater on Saturday.

WINS, which is part of several Microsoft server products including NT 4.0 Server, Windows 2000 Server and Windows Server 2003, is used to identify the Internet Protocol addresses of specific computers on a network.

The flaw was first made public in November by security software maker Immunity. Microsoft then acknowledged that the WINS flaw could allow remote attacks to be launched against systems.

Graeme Wearden of ZDNet UK reported from London.