
Windows DNS server remote code execution threat


A newly released Microsoft Security Advisory warns that the Redmond-based company is investigating reports of attacks taking place against Windows 2000 Server Service Pack 4 as well as Windows Server 2003 SP1 and Windows Server 2003 SP2.

The Mitre CVE reference for this is CVE-2007-1748. Details are few at this time, but Microsoft's report confirms the existence of the vulnerability, specifically a stack-based buffer overrun in the Remote Procedure Call (RPC) interface.

The attack cannot take place through port 53.

Until a patch is released, one workaround is to disable remote management control over RPC by editing the registry. The advisory provides details.

According to the advisory, another step you can take to protect your system is to "block all unsolicited inbound traffic on ports between 1024 to 5000."
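To see which sockets that firewall rule has to cover on a given server, the added example below (not from the advisory or the original post) filters `netstat -ano` output for TCP listeners owned by the DNS service process in the quoted port range. The function name, the sample output and the PID are constructed; the PID of the DNS service is assumed to be looked up separately, and the range is assumed to be inclusive.

```python
import re

# Port range quoted from the advisory (assumed inclusive of both ends).
BLOCK_RANGE = range(1024, 5001)
LOOPBACK = ("127.", "[::1]")

# Constructed sample of `netstat -ano` output; PIDs and addresses are made up.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:1037           0.0.0.0:0              LISTENING       1480
  TCP    127.0.0.1:1045         0.0.0.0:0              LISTENING       1480
  TCP    10.0.0.5:3389          0.0.0.0:0              LISTENING       2044
  TCP    10.0.0.5:1102          10.0.0.9:445           ESTABLISHED     4
  UDP    0.0.0.0:53             *:*                                    1480
"""

# Matches only TCP rows in LISTENING state: local address, port, owning PID.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def exposed_listeners(netstat_text, dns_pid):
    """Return (address, port) TCP listeners owned by dns_pid that fall in
    the advisory's port range and are bound to a non-loopback address."""
    hits = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header, UDP row, or a non-listening connection
        addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
        if pid != dns_pid or port not in BLOCK_RANGE:
            continue  # other process, or outside the range (e.g. port 53)
        if addr.startswith(LOOPBACK):
            continue  # loopback-only sockets are not reachable remotely
        hits.append((addr, port))
    return hits


if __name__ == "__main__":
    # 1480 is the constructed PID standing in for the DNS service process.
    for addr, port in exposed_listeners(SAMPLE_NETSTAT, 1480):
        print(f"DNS service listener needing firewall cover: {addr}:{port}")
```

Any listener it reports should be unreachable from untrusted networks once the firewall mitigation is in place.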

This is breaking news, so please continue to check the security advisory for any details that may change as the situation becomes clearer.

UPDATE 

Microsoft has updated the original security advisory with additional information about mitigation and about the Small Business Server: 

"April 13, 2007: Advisory updated to include additional details about Windows Small Business Server. Mitigations also updated to include additional information regarding the affected network port range and firewall configuration. Additional details also provided for registry key mitigation values." 

2 comments
cousintroy

Seeing as how I just passed my 70-291 with a 700, but is your risk lower if you don't have your DNS servers accessible to the outside world? Granted, an attack still could come from the inside, but if you have your intranet blocked by a firewall, are you at least guarded from any attacks from the outside?

lowlands

You'd be safe from an outside attack.
