A vulnerability has been discovered in all supported Windows versions except Windows ME, which can be exploited by malicious people to disclose potentially sensitive information.

A vulnerability has been discovered in all supported Windows versions except Windows ME, which can be exploited by malicious people to disclose potentially sensitive information.

The problem is that the NetBIOS Name Service (port 137/udp) padds datagrams with random memory content when replying to Name Service queries. This can be exploited by sending Name Service queries to a system and then examining the responses.

Successful exploitation allows disclosure of arbitrary memory content, which potentially may reveal sensitive information.

Apply patches automatically via WindowsUpdate or manually.

Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=A59CC2AC-F182-4CD5-ACE7-3D4C2E3F1326&displaylang=en

Windows Server 2003 64 bit Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=140CF7BE-0371-4D17-8F4C-951B76AC3024&displaylang=en

Windows XP:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1C9D8E86-5B8C-401A-88B2-4443FFB9EDC3&displaylang=en

Windows XP 64 bit Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=378D4B58-BF2C-4406-9D88-E6A3C4601795&displaylang=en

Windows 2000 (requires SP3/SP4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=D0564162-4EAE-42C8-B26C-E4D4D496EAD8&displaylang=en

Windows NT 4 Server (requires SP6a):
http://www.microsoft.com/downloads/details.aspx?FamilyId=F131D63A-F74F-4CAF-95BD-D7FA37ADCF38&displaylang=en

Windows NT 4 Terminal Server Edition (requires SP6):
http://www.microsoft.com/downloads/details.aspx?FamilyId=22379951-64A9-446B-AC8F-3F2F080383A9&displaylang=en