Microsoft said late Thursday that is investigating reports of a
limited attack exploiting a vulnerability in the Domain Name System
(DNS) Server Service, which could allow an attacker to run code and
gain access to the system.
 | | | | | While the attack appears to be
targeted and not widespread, we are monitoring the issue and are
working with our MSRA partners to monitor and help protect
customers.
Adrian Stone,
security researcherMicrosoft |
| | | | | |
| |
|
A stack-based buffer overrun exists in the Windows DNS Server's
remote procedure call (RPC) interface implementation on Windows
2000 Server and Windows Server 2003. An attacker can send a RPC
packet to the interface and run malicious code on the system.
The vulnerability is reported in Microsoft Windows 2000 Service
Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003
Service Pack 2. Microsoft said Windows XP Service Pack 2, and
Windows Vista does not contain the vulnerable code.
Microsoft said a security update is planned to fix the flaws and
has issued a specific workaround that can be used until a patch is
issued.
In its
935964 security advisory Microsoft said it's "initial
investigation reveals that the attempts to exploit this
vulnerability could allow an attacker to run code in the security
context of the Domain Name System Server Service, which by default
runs as Local System."
Adrian Stone, a Microsoft researcher, said in the
Microsoft
Security Response Center blog that Microsoft has identified
steps customers can take to protect themselves. Microsoft is urging
customers to disable remote management over RPC capability for DNS
Servers through the registry key setting. Users can also block
unsolicited inbound traffic on ports between 1024 to 5000 and
enable advanced TCP/IP filtering on systems.
"While the attack appears to be targeted and not widespread, we
are monitoring the issue and are working with our MSRA partners to
monitor and help protect customers," Stone said.