5.1 Security Considerations for Implementers

Because some interfaces of this protocol are unauthenticated and do not perform authorization, a service that receives and acts on messages in this protocol can be used by an attacker to cause unwanted notifications to a console user. This occurred in the Windows implementation of this protocol (for more information, see [MSKB-330904]) and was not due to a code defect in the message server that acted on the protocol messages. It is recommended that this protocol not be implemented due to the lack of security features in the protocol.