Security Home > Windows NT, 2000 & XP

Flaw in NetBIOS Could Lead to Information Disclosure New

A security vulnerability exists in the NetBIOS Name Service on Windows NT, 2000 and XP which could possibly allow a remote user to view random segments of memory on a user's computer.


Network basic input/output system (NetBIOS) is an application programming interface (API) that can be used by programs on a local area network (LAN). NetBIOS provides programs with a uniform set of commands for requesting the lower-level services required to manage names, conduct sessions, and send datagrams between nodes on a network.

This vulnerability involves one of the NetBT (NetBIOS over TCP) services, namely, the NetBIOS Name Service (NBNS). NBNS is analogous to DNS in the TCP/IP world and it provides a way to find a system's IP address given its NetBIOS name, or vice versa.

Under certain conditions, the response to a NetBT Name Service query may, in addition to the typical reply, contain random data from the target system's memory. This data could, for example, be a segment of HTML if the user on the target system was using an Internet browser, or it could contain other types of data that exist in memory at the time that the target system responds to the NetBT Name Service query.

An attacker could seek to exploit this vulnerability by sending a NetBT Name Service query to the target system and then examine the response to see if it included any random data from that system's memory.

If best security practices have been followed and port 137 UDP has been blocked at the firewall, Internet based attacks would not be possible.

Affected Products

  • Microsoft Windows NT 4.0 Server
  • Microsoft Windows NT 4.0, Terminal Server Edition
  • Microsoft Windows 2000
  • Microsoft Windows XP
  • Microsoft Windows Server 2003


Software patches are available from the following locations:

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: September 3, 2003

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<