SQL Server Performance

MS03-034 -Flaw in NetBIOS

Discussion in 'Forum Announcements' started by satya, Sep 4, 2003.

  1. satya Moderator

    Microsoft Security Bulletin MS03-034: Flaw in NetBIOS Could Lead to Information Disclosure (Q824105)

    Title: Flaw in NetBIOS Could Lead to Information Disclosure
    (824105)
    Date: 03 September 2003
    Software:
    - Microsoft Windows NT 4.0 Server
    - Microsoft Windows NT 4.0, Terminal Server Edition
    - Microsoft Windows 2000
    - Microsoft Windows XP
    - Microsoft Windows Server 2003

    Impact: Information Disclosure
    Max Risk: Low
    Bulletin: MS03-034

    Microsoft encourages customers to review the Security Bulletins at:
    http://www.microsoft.com/technet/security/bulletin/MS03-034.asp

    ....This vulnerability involves one of the NetBT (NetBIOS over TCP)
    services, namely, the NetBIOS Name Service (NBNS). NBNS is
    analogous to DNS in the TCP/IP world and it provides a way to find
    a system's IP address given its NetBIOS name, or vice versa.

    If best security practices have been followed and port 137 UDP has
    been blocked at the firewall, Internet based attacks would not be
    possible.



    Though this fix is not related to SQL Server, but most of the systems hosted with Windows OS, thought this would help.


    _________
    Satya SKJ
    Moderator
    SQL-Server-Performance.Com

Share This Page