Microsoft to release DNS patch Tuesday

By Bill Brenner, Senior News Writer 03 May 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Christopher Budd of the Microsoft Security Response Center said in a blog entry Thursday that a DNS patch is in the cards.

"We haven't seen any new information around attacks [but] the listing of updates slated for Tuesday does include the update we've been working on for this issue," he wrote. However, he added, "I do want to remind everyone that the information in the advance notification is subject to change, as we continue testing until we release on Tuesday."

Microsoft DNS: DNS worm strikes at Microsoft flaw: A new worm called Rinbot.BC exploits the Microsoft DNS flaw by installing an IRC bot on infected machines and scanning for other vulnerable servers. Microsoft investigates DNS server flaw: Attackers could exploit a DNS flaw in Microsoft Windows 2000 Server and Windows Server 2003 and run malicious code on the system. A workaround is suggested until a patch is issued. Avoiding the scourge of DNS amplification attacks: DNS amplification attacks can generate enough bogus traffic to blow almost anyone off the Internet. Learn how these packet flood attacks work and how to defend your organization.

The DNS Server Service flaw, which has been attacked on a limited scale in recent weeks, is particularly troublesome because it affects DNS servers, which do the work of resolving domain names to the actual IP addresses of the Web servers hosting the requested sites.

The DNS Server Service fix will be part of a patch rollout that includes two updates for Windows, three for Office, one for Exchange and one for CAPICOM and BizTalk. Many of the updates will address critical security holes, Microsoft said in an advance bulletin on its TechNet Web site.

Meanwhile, the software giant will update its malware removal tool and offer a Webcast on the Microsoft Web site Wednesday at 11 a.m. PT. Customers can use the Webcast to ask questions about the patches.

The company will also release one non-security, high-priority update for Windows on Windows Update (WU) and Software Update Services (SUS) and six non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

Tags: Security Patch Management,  Network Protocols and Security,  Web Server Threats and Countermeasures,  Web Application and Web 2.0 Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security Patch Management What patch management metrics does Project Quant use? Squad: Tokenization, Phishing and the Feds Should management processes change based on a patch release schedule? Should Windows Mobile updates come from Microsoft? Adobe updates ColdFusion, JRun, Flex Trusteer CEO criticizes Adobe, touts better patch deployments Patch management study shows IT taking significant risks Vulnerability mitigation study shows need for faster patching Microsoft to issue security report card, new tool at Black Hat How to manage patches for Adobe Network Protocols and Security How to keep networks secure when deploying an 802.11n upgrade Expert calls SSL protocol vulnerability a non issue How to prevent phishing attacks with social engineering tests How SSL-encrypted Web connections are intercepted DNSSEC deployment challenges can be overcome Microsoft issues SMB vulnerability advisory, patch pending Microsoft repairs Windows media, TCP/IP vulnerabilities How to test IPv6 infrastructures DNSSEC deployments gain momentum since Kaminsky DNS bug Kaminsky interview: DNSSEC addresses cross-organizational trust and security Web Server Threats and Countermeasures Increase in Gumblar backdoors poses FTP credential problems VeriSign extends DDoS attack protection service Microsoft issues IIS FTP advisory, exploit code circulates Panda reports fast-spreading rogueware antivirus fraud rakes in millions Oracle issues quarterly patches, fixes database flaws Latest DDoS attacks extremely unsophisticated, experts say Stolen FTP credentials likely in massive website attacks Microsoft warns of IIS zero-day vulnerability How to find and stop automated SQL injection attacks How to spot attacks through Apache Web server log analysis

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary attack vector  (SearchSecurity.com) back door  (SearchSecurity.com) ethical worm  (SearchSecurity.com) Patch Tuesday  (SearchSecurity.com) zero-day exploit  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary