On CHOW: Turkey recipes
BNET Business Network:
BNET
TechRepublic
ZDNet
73 TalkBacks

By Joris Evers
Posted on ZDNet News: Apr 13, 2007 6:20:00 AM

Cybercrooks are using a yet-to-be-patched security flaw in certain Windows versions to attack computers running the operating systems, Microsoft warned late Thursday.

The attacks target Windows 2000 Server and Windows Server 2003 systems through a hole in the domain name system, or DNS, service, Microsoft said in a security advisory. The attacks happen by sending rigged data to the service, which by design is meant to help map text-based Internet addresses to numeric Internet Protocol addresses.

"An anonymous attacker could try to exploit the vulnerability by sending a specially crafted RPC packet to an affected system," Microsoft said in the advisory. RPC, or Remote Procedure Call, is a protocol that applications use to request services from programs on another computer in a network. RPC has been involved in several security bugs before, including in the vulnerability that let the Blaster worm spread.

The French Security Incident Response Team deems the Windows DNS vulnerability "critical," its highest rating.

The DNS and RPC warning comes days after Microsoft issued its April security patches. At the same time security experts have issued warnings on multiple zero-day flaws in Office and another one in Windows.

The latest vulnerability is a stack-based buffer overrun, Microsoft said. This is a common type of coding problem that has caused many headaches for Microsoft and Windows users. A successful attack will give full control over a vulnerable machine without any user interaction, Microsoft said.

There are "limited attacks" that exploit the issue, Microsoft said. The software maker said it is finishing a security update for Windows to repair the problem. Microsoft did not say when it plans to release the update. The company's next "Patch Tuesday" is on May 8, though if attacks increase a patch could be released out of that cycle.

While it works on the fix, Microsoft suggests several work-arounds for users of affected Windows versions. These include disabling remote management over RPC capability for DNS servers, blocking specific data ports using a firewall and enabling advanced filtering. Security firm Symantec on Thursday urged users to apply the work-arounds.

"Customers are advised to…apply the appropriate work-arounds as soon as possible, in the event that the attacks become more widespread," Symantec said in an alert sent to subscribers of its DeepSight security intelligence service.

Windows XP and Windows Vista are not impacted by the DNS flaw. Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 are vulnerable, Microsoft said.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 73 Talkback(s)
and . . .
nt (Read the rest)
Posted by: Boot_Agnostic Posted on: 04/17/07 You are currently: a Guest | | Terms of Use
Again with the Windows expoits ?!?!?  Intellihence | 04/13/07
hey Stalking here is the osX exploits for 2007 read and weep  SO.CAL Guy | 04/13/07
Mac OS X Flaws  iMouse | 04/13/07
my only reason for the post was to show  SO.CAL Guy | 04/13/07
And where exactly...  jasonp@... | 04/13/07
he wasnt trolling, this time...  Omniscion | 04/13/07
Re: he wasnt trolling, this time...  joe6pack_z | 04/13/07
Probably...  Cardinal_Bill | 04/15/07
FMA!  olePigeon | 04/13/07
We all need to be running Apple servers  Boot_Agnostic | 04/13/07
Servers?  justanitguy | 04/13/07
Yeah, they have an OS and everything...  olePigeon | 04/13/07
Apple Servers  SGIOctane2 | 04/13/07
That's the hard part to press upon Zdnet posters  Boot_Agnostic | 04/14/07
Infidel!  Cardinal_Bill | 04/15/07
My robot heart is in turmoil  Boot_Agnostic | 04/16/07
How is Apple any better?  Illuminati | 04/16/07
and...  Illuminati | 04/16/07
You were free not to read my post  Boot_Agnostic | 04/17/07
and . . .  Boot_Agnostic | 04/17/07
Which ports  bjbrock | 04/13/07
well  Suicida| | 04/15/07
Exploit of the day  Chad_z | 04/13/07
Cybercrooks exploiting new Windows DNS flaw  Loverock Davidson | 04/13/07
Except by those included  bjbrock | 04/13/07
Very few  Loverock Davidson | 04/13/07
So, it's quite alright?  Ole Man | 04/13/07
You could save time by just automating your BS  deleweye | 04/13/07
Briliant IT Pro??  itanalyst | 04/13/07
I would have to be saying BS first  Loverock Davidson | 04/13/07
You are full of more than psych meds.  deleweye | 04/13/07
I'm full of knowledge  Loverock Davidson | 04/13/07
They want to know where to send the men with nets...  deleweye | 04/13/07
You're laughing  Loverock Davidson | 04/13/07
Knowlege? What Knowledge?  itanalyst | 04/13/07
Personally...  zkiwi | 04/14/07
Re: You could save time by just automating your BS  joe6pack_z | 04/13/07
ohh come on...you mean he hasn't??  mdsmedia | 04/13/07
re: ohh come on...you mean he hasn't??  joe6pack_z | 04/13/07
Some would consider the D-Day invasion...  jasonp@... | 04/13/07
D-Day?  Loverock Davidson | 04/13/07
There really is no "try"...  jasonp@... | 04/13/07
You succeeded alright  Loverock Davidson | 04/13/07
That's the difference between you and I...  jasonp@... | 04/13/07
preface all posts with "IGNORE THIS IF YOU HAVE AT LEAST HALF A BRAIN".  handydan918 | 04/13/07
And therein lies the problem  mdsmedia | 04/15/07
Only Affects Those Who Are Idiots and Morons  rkuhn040172@... | 04/13/07
Very nice - you sound just like Loverock!  Zeppo9191 | 04/13/07
Only Because It's True  rkuhn040172@... | 04/13/07
But you are assuming  rlehan@... | 04/13/07
If that's the case...  eljay001 | 04/14/07
Newsflash!  Ole Man | 04/13/07
Coincidentally, Microsoft's eOpen site did not resolve yesterday  myezzi@... | 04/13/07
The reason it affect idiots  bjbrock | 04/13/07
Close...  jasonp@... | 04/13/07
You are correct, this is a non issue  tshinder@... | 04/13/07
Precisely  rkuhn040172@... | 04/13/07
Could you please explain the difference  michael_t | 04/13/07
Moron vs Idiot explained?  fredfarkwater@... | 04/13/07
WHY HAVE OPEN PORTS ON AN EXTERNAL SERVER!?!?!?!  Heatlesssun1 | 04/13/07
Exactly.  thirdlife@... | 04/13/07
The trouble is  ILW | 04/13/07
And Im glad  Suicida| | 04/15/07
Apple has servers...  thirdlife@... | 04/13/07
I see MS is continuing the long tradition  michael_t | 04/13/07
what level of tradition? Christmas or Memorial day?  Omniscion | 04/13/07
Like the Unix server hack not long ago  John Zern | 04/13/07
Can you be more specific?  JDThompson | 04/13/07
Are you talking about  zkiwi | 04/14/07
Windows2000  Golden1911 | 04/13/07
Is this like the Root DNS server hack  John Zern | 04/13/07
No...  JDThompson | 04/13/07
We are here now  robert@... | 04/16/07

What do you think?

advertisement
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
advertisement

White Papers, Webcasts, and Downloads

  • Smart Tech Expert advice on innovations in healthcare and the green technologies that make it happen. Find out more
  • Smart Business Discussion and advice on management issues that revolve around making your world smarter and more useful. More Smart Advice
  • Smart People The best and worst moves in the management and strategy trenches. Learn More