“Most organizations running WINS today probably aren’t actively using it for anything critical. They’ve just never had a compelling reason to show it off,” he said. “It’s been quietly replicating within the background, consuming minimal resources, causing no obvious problems. That’s the character of legacy infrastructure: It persists not since it’s needed, but because removing it requires effort and carries risk, while leaving it alone is free,” said Wright.
WINS is a security risk
WINS had major design limitations that made it a security risk, said Wright. “WINS has no mechanism to confirm the legitimacy of name registrations, which makes it vulnerable to spoofing attacks,” said Wright.
“An attacker on the network can register malicious entries, including Web Proxy Auto-Discovery (WPAD) records to intercept web traffic, or redirect connections to systems they control. It’s a simple path for lateral movement,” he said.