Latest Patch Tuesday Plugs DNS Holes

By Sean Michael Kerner | Mar 10, 2009 | Print this Page
http://www.enterprisenetworkingplanet.com/news/article.php/3809661/Latest-Patch-Tuesday-Plugs-DNS-Holes.htm

Users of Microsoft Windows Domain Name Server -- update your servers now.

Microsoft has issued its monthly Patch Tuesday update and Windows DNS top the list with four vulnerabilities that the company warns are likely to be exploited.

In all, Microsoft addresses six vulnerabilities in its March Patch Tuesday update, spread across only three Microsoft security advisories. On the surface, it may seem that March is a better month than most for Microsoft; its February update, in contrast, fixed 8 different vulnerabilities spread across four Microsoft security advisories.

Still, several of the problems tackled with the latest update hearken back to larger concerns relating to DNS, a critical technology in Internet infrastructure responsible for mapping IP addresses to domain names and directing users across the Web.

The only flaws rated as being likely to exploited from the March update are four items dealing with DNS and the Windows Internet Name Service Server, or WINS Server. Microsoft began identifying the likelihood of a vulnerability being exploited with the introduction of its exploitability index in August 2008.

"These vulnerabilities could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker's own systems," Microsoft said in its advisory.

Flaws in DNS became a big issue in 2008 with the disclosure by security researcher Dan Kaminsky that DNS could be "poisoned" by attackers, set to redirect users to arbitrary sites.

The latest Patch Tuesday update tackles a similar spoofing issue, targeting a flaw that Microsoft said could enable an attacker to consistently and reliably insert records in the DNS cache -- thereby redirecting users.

In the Kaminsky DNS flaw, which Microsoft patched in its own products back in July 2008, the fix relied on port randomization to ensure that a request wasn't spoofed. Microsoft's approach in its March update for its own DNS servers is somewhat different.

"The security update addresses the vulnerabilities by correcting the way that Windows DNS servers cache and validate queries," Microsoft said in its advisory. "And by modifying the way that Windows DNS servers and Windows WINS servers handle 'Web Proxy Autodiscovery Protocol' and 'Intra-Site Automatic Tunnel Addressing Protocol' registration."

Web Proxy Autodiscovery Protocol (WPAD) is a Microsoft-developed protocol to automatically configure Web browsers' proxy setting. Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) is an IPv6-to-IPv4 protocol that enables IPv6 traffic to operate on top of or beside traffic using the older IPv4 standard.

Windows Kernel updates

Microsoft is also providing what it said are critical patches for three vulnerabilities in the Windows kernel. The flaws deal with input validation errors that could lead to arbitrary code execution on a vulnerable PC.

"The most serious vulnerability could allow remote code execution if a user viewed a specially crafted EMF or WMF image file from an affected system," Microsoft warned.

The March update patches fix the flaws by changes the way the Windows kernel validates certain types of input handlers.

No Excel fix

Though Microsoft is addressing some serious flaws in the March update, it is not yet addressing a flaw in Excel that could enable a "poisoning" attack. The Excel flaw potentially exposes users to risk if they open or save an Excel file infected with malware. InternetNews.com reported on Friday that a Microsoft spokesperson said that the company is "still investigating" the Excel attacks.

Article courtesy of InternetNews.com