Security Information Vulnerability Research Security Blog

Microsoft: Yes, the Windows Server DNS vuln exists

April 13th, 2007 by Juha-Matti, Filed under: Web, Microsoft, Commentary, Corporate Security

Microsoft has confirmed late on Thursday that the RPC vulnerability exists in DNS service implementation of Windows 2000 Server SP4, Windows 2003 Server 2003 SP1, and Windows 2003 Server SP2.

The official Security Advisory is located at
www.microsoft.com/technet/security/advisory/935964.mspx.

SANS ISC had reports about the related exploitation on Saturday 7th Apr already.

The date of the next monthly updates? Tuesday 8th May. More than three weeks.

DiggRedditSlashdotTwitThisSphinnStumbleUpondel.icio.usFacebookGoogleTechnoratiE-mail this story to a friend!

-

Is your site safe from XSS Attacks? Sig nup for Beyond Security Vulnerability Scanner today!

4 Comments:

  1. cus, on April 13th, 2007 at 1:26 pm Said:

    Microsoft Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista are NOT affected

  2. XenoMuta, on April 13th, 2007 at 5:51 pm Said:

    Just as long as you do not manage to make them run DNS Server…

    :p

  3. Matthew Murphy, on April 13th, 2007 at 6:08 pm Said:

    XenoMuta: The vulnerability is specific to Microsoft’s DNS implementation, which does not run on anything other than server platforms (Windows 2000 Server, Windows Server 2003).

  4. Juha-Matti, on April 14th, 2007 at 9:52 pm Said:

    Yes, this is server-only issue as described at the title of the blog entry.

Leave a Comment

Security RSS Subscribe


Vulnerability Scanner