Microsoft DNS server flaw called dangerous

By Robert Westervelt, News Editor 13 Apr 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Vulnerability researchers are calling the flaw very serious. DNS servers are a critical piece of the Internet, as they convert domain names (such as "www.searchsecurity.com") into IP addresses.

A stack-based buffer overrun exists in the Windows DNS Server's remote procedure call (RPC) interface implementation on Windows 2000 Server and Windows Server 2003. An attacker can send a RPC packet to the interface and run malicious code on the system.

Christopher Budd, a security program manager for the Microsoft Security Response Center (MSRC), said Sunday in the Microsoft Security Response Center blog that proof of concept code to exploit the flaw is now publicly available for the flaw.

"Our ongoing monitoring of attacks in conjunction with our MSRA partners indicates that attacks are still limited," Budd said. "We continue to urge customers to deploy the workarounds in their environments as quickly as possible."

Microsoft also updated its 935964 security advisorygiving additional information about workarounds on systems with 15 character, or longer, system names.

This flaw affects the remote management part of the DNS server, but if someone is able to exploit it, they could change anything or impact the core functionality. Amol Sarwate, director of vulnerability research, Qualys Inc.

The vulnerability is reported in Microsoft Windows 2000 Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Microsoft said Windows XP Service Pack 2, and Windows Vista does not contain the vulnerable code.

Nearly every company with a Website has a DNS server and most are running Windows 2000 or Windows 2003, said Amol Sarwate, director of the vulnerability research lab at Redwood Shores, Calif.-based network security vendor Qualys Inc. Sarwate believes Microsoft may rush out an out of cycle patch to address the issue.

The workaround suggested by Microsoft would turn off remote management of an affected server. Most servers are managed by system administrators remotely, Sarwate said.

"This flaw affects the remote management part of the DNS server, but if someone is able to exploit it, they could change anything or impact the core functionality," he said.

An attacker could ultimately tweak the IP address translation, forwarding potential victims to a malicious Web site.

Microsoft DNS flaw: Microsoft investigates DNS server flaw: Microsoft Windows 2000 Server and Windows Server 2003 and run malicious code on the system. A workaround is suggested until a patch is issued.

In its 935964 security advisory Microsoft said there have been reports of the flaw being exploited in the wild.

Adrian Stone, a Microsoft researcher, explained in the Microsoft Security Response Center blog the workaround needed for customers to protect themselves. The workaround involves disabling remote management over RPC capability for DNS Servers through the registry key setting. Users can also block unsolicited inbound traffic on ports between 1024 to 5000 and enable advanced TCP/IP filtering on systems.

Tags: Emerging Information Security Threats,  Security Patch Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Emerging Information Security Threats Antispyware buying guide for Indian enterprises ATM malware lets attackers take over machines FTC shutters rogue ISP for hosting malicious content, botnets The failing war against cybercriminals White House cybersecurity czar faces major hurdles Cybercrime and threat management The Pipe Dream of No More Free Bugs Face-off: Who should be in charge of cybersecurity? Federal efforts to secure cyberinfrastrucure Adobe working on patch to correct new zero-day flaw Security Patch Management Adobe fixes critical Shockwave Flash Player flaw Mozilla patches 11 Firefox security flaws, JavaScript errors Microsoft patches WebDAV security vulnerability in bevy of updates Adobe issues first quarterly patch release fixing 13 flaws Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities Adobe shifts to Microsoft patching process, incident response plan Software delivery could fix software patching issues Microsoft updates Office to address serious PowerPoint vulnerabilities Microsoft to patch critical PowerPoint zero-day flaw Firefox update addresses several security flaws

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary DNS rebinding attack  (SearchSecurity.com) drive-by pharming  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) man in the browser  (SearchSecurity.com) phlashing  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary