Microsoft Admits to New DNS Security Flaw
Posted by decipherinfosys on April 17, 2007
Microsoft published a security advisory (935964) last week warning of a newly discovered vulnerability in the DNS Server Service. The company has not released any fix or patch information, indicating that a patch may be rolled out on the next scheduled date, which is the second Tuesday of every month (in this case May 8).
The affected products are:
- Windows 2000 Server SP4
- Windows 2003 Server SP1
- Windows 2003 Server SP2
*Windows XP SP2 is not affected.
Details are still sketchy, but initial reports indicate that a successful exploit of this vulnerability could allow an attacker to run malicious code under the security context of the Domain System Server Service, which runs under Local SYSTEM. This can result in a stack-based buffer overrun in the DNS Server’s Remote Procedure Call (RPC) interface.
Microsoft has suggested some preventative measures that can be taken:
- Block unsolicited inbound traffic on ports 1024-5000 using IPSec or a Firewall.
- Implement advanced TCP/IP filtering options on the network interfaces of the DNS server.
- Disable the DNS remote management over RPC feature, which is done by editing the following registry key:
Note: Always take a backup of your existing registry settings prior to making any changes.
– Once you have navigated to the key, select Edit -> New -> DWORD Value
– Double-click on the newly created value and change the data to the number 4
– Close the registry and restart the DNS service.
Additional information regarding this vulnerability can be found at Microsoft: http://www.microsoft.com/technet/security/advisory/935964.mspx
Sorry, the comment form is closed at this time.