Users of Microsoft Windows Domain Name Server — update your servers now.
Microsoft has issued its monthly Patch Tuesday update and Windows DNS top the list
with four vulnerabilities that the company warns are likely to be exploited.
In all, Microsoft addresses six vulnerabilities in its March Patch Tuesday update,
spread across only three Microsoft security advisories. On the surface, it may seem that
March is a better month than most for Microsoft; its February update, in
contrast, fixed 8 different vulnerabilities spread across four Microsoft security
Still, several of the problems tackled with the latest update hearken back to larger
concerns relating to
DNS, a critical technology in Internet infrastructure responsible for mapping IP
addresses to domain names and directing users across the Web.
The only flaws rated as being likely to exploited from the March update are four items
dealing with DNS and the Windows Internet Name Service Server, or WINS Server. Microsoft began identifying
the likelihood of a vulnerability being exploited with the introduction of its
exploitability index in August 2008.
“These vulnerabilities could allow a remote attacker to redirect network traffic
intended for systems on the Internet to the attacker’s own systems,” Microsoft said in
Flaws in DNS became a big issue in 2008 with the
disclosure by security researcher Dan Kaminsky that DNS could be “poisoned” by attackers,
set to redirect users to arbitrary sites.
The latest Patch Tuesday update tackles a similar spoofing issue, targeting a flaw
that Microsoft said could enable an attacker to consistently and reliably insert records
in the DNS cache — thereby redirecting users.
In the Kaminsky DNS flaw, which Microsoft patched in its own products back in July
2008, the fix relied on port randomization to ensure that a request wasn’t spoofed.
Microsoft’s approach in its March update for its own DNS servers is somewhat
“The security update addresses the vulnerabilities by correcting the way that Windows
DNS servers cache and validate queries,” Microsoft said in its advisory. “And by
modifying the way that Windows DNS servers and Windows WINS servers handle ‘Web Proxy
Autodiscovery Protocol’ and ‘Intra-Site Automatic Tunnel Addressing Protocol’
Web Proxy Autodiscovery Protocol (WPAD) is a Microsoft-developed protocol to
automatically configure Web browsers’ proxy setting. Intra-Site Automatic Tunnel
Addressing Protocol (ISATAP) is an IPv6-to-IPv4 protocol that enables IPv6 traffic to
operate on top of or beside traffic using the older IPv4 standard.
Windows Kernel updates
Microsoft is also providing what it said are critical patches for three
vulnerabilities in the Windows kernel. The flaws deal with input validation errors that
could lead to arbitrary code execution on a vulnerable PC.
“The most serious vulnerability could allow remote code execution if a user viewed a
specially crafted EMF or WMF image file from an affected system,” Microsoft warned.
The March update patches fix the flaws by changes the way the Windows kernel validates
certain types of input handlers.
No Excel fix
Though Microsoft is addressing some serious flaws in the March update, it is
not yet addressing a flaw in Excel that could enable a “poisoning” attack. The Excel
flaw potentially exposes users to risk if they open or save an
Excel file infected with malware. InternetNews.com reported on Friday that a
Microsoft spokesperson said that the company is “still investigating” the Excel
Article courtesy of InternetNews.com