Author Topic: Microsoft Security Advisory (935964)  (Read 7178 times)

Offline Caroline Lyons

  • Administrator
  • Member
  • *
  • Posts: 1411
    • CLICtech Internet & Computing Solutions
Microsoft Security Advisory (935964)
« on: April 27, 2007, 01:00:11 AM »
Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution.
Published: April 12, 2007 | Updated: April 19, 2007

Microsoft is investigating new public reports of attack exploiting a vulnerability in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Microsoft Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista are not affected as these versions do not contain the vulnerable code.

Microsoft’s initial investigation reveals that the attempts to exploit this vulnerability could allow an attacker to run code in the security context of the Domain Name System Server Service, which by default runs as Local SYSTEM. Our ongoing monitoring in indicates that we are seeing new attacks to exploit the vulnerability by the Win32/Siveras bot family. Windows Live Safety Scanner and Windows Live OneCare can be used to detect currently known malware types that are attempting to exploit the vulnerability. Microsoft continues to strongly urge customers to deploy the registry workaround identified below to comprehensively mitigate all attempts to exploit the vulnerability through the various identified ports and authentication requirements.

Upon completion of this investigation, Microsoft will take appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
Freelance IT Journalist/Tech