Attackers prey on Windows DNS server flaw

Powered by SC Magazine
 

Vulnerability in Windows Server 2000 and 2003 being used for malware attacks.

Microsoft is warning users of a new attack targeting a vulnerability in Windows Server 2000 and 2003. 

Users of Windows XP and Vista are not vulnerable to the attack, which targets the domain name system (DNS) server component by using a specially-crafted remote procedure call (RPC).

DNS servers are used to link a server's IP address to its domain name. When executed, the exploit allows an attacker to remotely execute code on the target machine.

The vulnerability was first reported by Microsoft on 13 April as a proof-of-concept. By 16 April, two variants of attacks on the vulnerability were reported.

Security firm Secunia rated the vulnerability as 'highly critical', the company's second-highest alert level. 

Microsoft has listed a number of methods for administrators to mitigate the vulnerability, including disabling certain ports on a firewall and editing the machine's DNS registry.

All these moves, however, will disable the ability to remotely manage a machine's DNS server component via RPC commands.

Microsoft said that the number of reported attacks is very limited, and the company plans to have the vulnerability patched by next month's Patch Tuesday release, although it has not ruled out an earlier patch if attacks persist.

"Because DNS is a critical part of the networking infrastructure, they also have to be tested to ensure that changes introduced by the updates do not pose a greater risk than the security issue we are addressing," said Microsoft Security Response Center researcher Christopher Budd.

Copyright ©v3.co.uk


Attackers prey on Windows DNS server flaw
 
 
 
Top Stories
First look: Microsoft Outlook for iOS
[Update] Office productivity suite for iOS completed with Outlook.
 
NewSat defaults on $26m in overdue Lockheed payments
Jabiru-1 satellite build hits further hurdles.
 
IBM denies plans to cut 112k jobs
But admits to further restructuring.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  36%
 
Your insurance company
  5%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  4%
 
A Federal Government agency (ATO, Centrelink etc)
  18%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  7%
TOTAL VOTES: 3100

Vote
Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
  27%
 
I DON'T support shutting the OAIC.
  73%
TOTAL VOTES: 989

Vote