Security firm PatchLink has issued an emergency
workaround to identify the Domain Name System
(DNS) Server Service vulnerability in
Windows Server platforms, and enable users to temporarily defend
themselves against exploits in the wild.
PatchLink’s automated
DNS Zero-Day Remediation patch enables
customers to identify if they are vulnerable, determine where
the impacted DNS servers are located, and block known attack
vectors to mitigate risks to their IT environment.
Microsoft issued a security advisory last week about targeted
attacks exploiting a vulnerability in the Windows DNS Server, and
on Monday, announced that a worm appeared on the internet using the
flaw.
The DNS Zero-Day Remediation workaround will help protect
customers while they wait for an official patch from Microsoft, and
can be uninstalled once the Microsoft patch is made available.
Paul Zimski, director of product and market strategy at
PatchLink, said, “While the current botworm exploits are
unsophisticated, there is considerable danger that more
sophisticated attacks could be in the works.
“The DNS servers are a particularly high value target because a
hacker that ‘owns’ DNS servers can perform a ‘man in the middle’
attack. Although this attack isn't going to hit every desktop, it
is very serious."
DNS worm strikes at Microsoft server flaw
>>
Microsoft rates DNS Server flaw as dangerous
>>
Comment on this article:
computer.weekly@rbi.co.uk
David Lacey’s security blog >>
The latest ideas, best practices, and business issues associated
with managing security
Stuart King’s risk management blog
>>Dealing with the operational challenges of
information security and risk management