Microsoft to release DNS patch Tuesday

Article

Microsoft to release DNS patch Tuesday

Bill Brenner, Senior News Writer
If all goes to plan, Microsoft will include a patch for the DNS Server Service flaw in its next security update Tuesday.

Christopher Budd of the Microsoft

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Security Response Center said in a blog entry Thursday that a DNS patch is in the cards.

"We haven't seen any new information around attacks [but] the listing of updates slated for Tuesday does include the update we've been working on for this issue," he wrote. However, he added, "I do want to remind everyone that the information in the advance notification is subject to change, as we continue testing until we release on Tuesday."

Microsoft DNS:
DNS worm strikes at Microsoft flaw: A new worm called Rinbot.BC exploits the Microsoft DNS flaw by installing an IRC bot on infected machines and scanning for other vulnerable servers.

Microsoft investigates DNS server flaw: Attackers could exploit a DNS flaw in Microsoft Windows 2000 Server and Windows Server 2003 and run malicious code on the system. A workaround is suggested until a patch is issued.

Avoiding the scourge of DNS amplification attacks: DNS amplification attacks can generate enough bogus traffic to blow almost anyone off the Internet. Learn how these packet flood attacks work and how to defend your organization.

The DNS Server Service flaw, which has been attacked on a limited scale in recent weeks, is particularly troublesome because it affects DNS servers, which do the work of resolving domain names to the actual IP addresses of the Web servers hosting the requested sites.

The DNS Server Service fix will be part of a patch rollout that includes two updates for Windows, three for Office, one for Exchange and one for CAPICOM and BizTalk. Many of the updates will address critical security holes, Microsoft said in an advance bulletin on its TechNet Web site.

Meanwhile, the software giant will update its malware removal tool and offer a Webcast on the Microsoft Web site Wednesday at 11 a.m. PT. Customers can use the Webcast to ask questions about the patches.

The company will also release one non-security, high-priority update for Windows on Windows Update (WU) and Software Update Services (SUS) and six non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).