Microsoft DNS Service Under Fire

Microsoft is
confirming “very limited, targeted attacks” against its Windows
Server DNS (Domain Name System) Service.

The attackers are attempting to exploit a vulnerability in the
DNS Service that could potentially allow for arbitrary code
execution to run with the same privileges as the DNS Service
itself. DNS (define) is a core server service that translates IP
addresses into domain names that can be resolved.

“On Windows 2000 Server and Windows Server 2003 running the DNS
Server Service an anonymous attacker could try to exploit the
vulnerability by sending a specially crafted RPC packet to an
affected system,” Microsoft said in a security advisory Friday.

RPC (define) (Remote Procedure Call) is a commonly used
protocol that enables remote service requests across a network.

As a workaround for the issue, Microsoft is suggesting that
Windows Server users disable remote management over RPC capability
for DNS Servers through the registry key setting.

A Microsoft spokesperson noted that Microsoft will continue to
take further action to help protect customers by providing an
update through its monthly process or out-of-cycle depending on
customers’ needs.

The DNS flaw warning comes amid a flurry of other security
warnings and patches from Microsoft. Earlier this week, Microsoft
trotted
out five security bulletins, four for the Windows operating system
and one for its Content Management Server.

The software giant this month also patched
a significant animated cursor hole.

Article courtesy of internetnews.com

Add to del.icio.us
|
DiggThis

Latest Articles

Follow Us On Social Media

Explore More