Microsoft investigates DNS server flaw

By SearchSecurity.com Staff
13 Apr 2007 | SearchSecurity.com

Security Wire Daily News

Microsoft said late Thursday that it is investigating reports of a limited attack exploiting a vulnerability in the Domain Name System (DNS) Server Service, which could allow an attacker to run code and gain access to the system.

A stack-based buffer overrun exists in the Windows DNS Server's remote procedure call (RPC) interface implementation on Windows 2000 Server and Windows Server 2003. An attacker can send an RPC packet to the interface and run malicious code on the system.

The vulnerability is reported in Microsoft Windows 2000 Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Microsoft said Windows XP Service Pack 2 and Windows Vista do not contain the vulnerable code.

Microsoft said a security update is planned to fix the flaws and has issued a specific workaround that can be used until a patch is issued.

In its 935964 security advisory, Microsoft said its "initial investigation reveals that the attempts to exploit this vulnerability could allow an attacker to run code in the security context of the Domain Name System Server Service, which by default runs as Local System."

Adrian Stone, a Microsoft researcher, said in the Microsoft Security Response Center blog that Microsoft has identified steps customers can take to protect themselves. Microsoft is urging customers to disable the remote-management-over-RPC capability for DNS servers through a registry key setting. Users can also block unsolicited inbound traffic on ports between 1024 and 5000 and enable advanced TCP/IP filtering on systems.

"While the attack appears to be targeted and not widespread, we are monitoring the issue and are working with our MSRA partners to monitor and help protect customers," Stone said.
