Sysadmins should already have purged WINS from their Microsoft Windows Server environments – but if they haven't, there's a new reason to take it for one last walk out behind the shed.
Fortinet's Honggang Ren says a WINS Server remote memory corruption vulnerability in the MS-proprietary name server isn't going to get fixed, because Redmond would rather it weren't used at all. Customers should have already replaced WINS with DNS.
Ren writes that the malformed WINS packets are all that's needed to trigger the bug.
“This vulnerability exists because Windows Server doesn’t properly deal with multiple pending WINS-Replication sessions,” the post states.
If there are more than three such sessions, the list pointers become corrupted because “the same buffer is deallocated to the list pool multiple times.”
Remote memory corruption is always entertaining: do it right, and the attacker gets to run arbitrary commands in the context of the victim user.
Fortinet says its FortiGuard Labs reported the issue to Microsoft in December 2016, and has just received the response that it won't be fixed: “a fix would require a complete overhaul of the code to be considered comprehensive. The functionality provided by WINS was replaced by DNS and Microsoft has advised customers to migrate away from it.” ®