If normal security practices have been followed, and port 137 UDP has been blocked at the firewall, external attacks would not be possible. A patch is available that changes the behavior of Windows systems in order to give administrators additional flexibility in managing their networks. The patch allows administrators to configure a machine to only accept a name conflict datagram in direct response to a name registration attempt, and to configure machines to reject all name release datagrams. This will reduce but not eliminate the threat of spoofing. Customers needing additional protection may wish to consider using IPSec in Windows 2000 to authenticate all sessions on ports 137-139.
Microsoft created this patch to eliminate this security vulnerability.