New Windows DNS flaw gets exploited

Posted on Friday, Apr 13 2007 @ 14:11 CEST by Thomas De Maesschalck
A yet-to-be-patched bug in Windows 2000 Server and Windows Server 2003's DNS service has been exploited:
The attacks happen by sending rigged data to the service, which by design is meant to help map text-based Internet addresses to numeric Internet protocol addresses.

"An anonymous attacker could try to exploit the vulnerability by sending a specially crafted RPC packet to an affected system," Microsoft said in the advisory. RPC, or Remote Procedure Call, is a protocol applications use to request services from programs on another computer in a network. RPC has been involved in several security bugs before, including in the vulnerability that let the Blaster worm spread.

The French Security Incident Response Team deems the Windows DNS vulnerability "critical," its highest rating.

The DNS and RPC warning comes days after Microsoft issued its April security patches. At the same time security experts have issued warnings on multiple zero-day flaws in Office and another one in Windows.
More details at CNET.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments