The vulnerability is due to the method WINS uses to validate a packet's length before sending it on to the buffer. This method can cause a DoS condition on Windows Server 2003 because of a security feature in the operating system. The feature detects when a specially crafted packet has been sent to the WINS server to exploit a stack-based buffer overflow. When an attack is detected, the security feature forces the WINS service to shut down to prevent the attacker from triggering a buffer overflow.
WINS automatically restarts after forced termination by the security feature. However, after three successive automatic restarts, a manual restart is required.
Connections with WINS servers are initiated over ports 42/tcp and 137/udp.