13 April 2007, 11:30

Malicious code execution on Microsoft Windows DNS Server

A vulnerability in Microsoft's DNS Server Service allows attackers, under certain circumstances, to remotely gain full control of affected systems. According to an advisory published by Microsoft, certain manipulated RPC packets cause a buffer overrun in the DNS service, which may be used to infiltrate malicious code, which is then executed by the service with SYSTEM privileges. According to Microsoft, this hole is already being actively exploited and no patch has been provided yet to fix this bug .

The Microsoft DNS Server is a component of Windows 2000 SP 4 and Windows Server 2003 with SP1 and SP2 and is not enabled by default. Microsoft advises users to disable RPC remote management for the DNS Server Service on vulnerable systems. To achieve this, users must create a DWORD type registry entry with the name RpcProtocol and the value 4 under HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters. Microsoft also recommends restricting network access for RPC packets to TCP ports in the range 1024 to 5000 to trusted IP addresses.

Channels

Services

Malicious code execution on Microsoft Windows DNS Server

Also on The H:

Content Security Policy halts XSS in its tracks

Skype's ominous link checking: Facts and speculation

Password protection for everyone

Two clicks for more privacy

What's new in SUSE Linux Enterprise 11 SP3

What's new in Fedora 19

What's new in Linux 3.10

Free Software post-PRISM

Kernel Log: Coming in 3.10 (Part 4) - Drivers

The trouble with "Business Source"

Kernel Log: Coming in 3.10 (Part 3) - Infrastructure

Whatever happened to Google?

Java EE 7 at a glance

Continuous database migration with Liquibase and Flyway

Unit testing with Node.js

Ruby 2.0 - the 20th birthday present

Linux Mint 15: A better Ubuntu for the desktop

What's new in Linux 3.9

Replacing Google Reader

Attacking TrueCrypt

The H

The H Open

The H Security

The H Developer

The H Internet Toolkit