Tuesday, April 17, 2007

Microsoft Security Advisory 935964: Additional Updates

The Microsoft Security Response Team is working around the clock to provide a solution to the vulnerability in RPC on Windows DNS Servers which could allow remote code execution, relating to the following:
  • Microsoft Windows 2000 Server Service Pack 4
  • Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Windows Small Business Server 2000*
  • Microsoft Windows Small Business Server 2003*
*The listed SBS run the DNS Server Service by default and are also affected by this vulnerability.

Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista are not affected as they do not contain the vulnerable code.

Please note, in particular, that new information about the impact of some of the workarounds on systems with 15 character, or longer, system names has been added to the Security Advisory. In addition, Microsoft staff have noted that it is possible for a user with valid logon credentials to access the vulnerability over port 445.

See the workaround in the below-referenced Security Advisory and Jesper's Blog post, Turn off RPC management of DNS on all DCs for instructions for disabling RPC management on DNS on a large number of DCs or DNS servers.


References:

No comments: