You are here  IT Management Security Alerts
Security Flaws & ExploitsMaintenance

Microsoft to release DNS patch Tuesday

Bill Brenner, Senior News Writer
Thursday 03 May 2007 12:00
If all goes to plan, Microsoft will include a patch for the DNS Server Service flaw in its next security update Tuesday.

Christopher Budd of the Microsoft Security Response Center said in a blog entry Thursday that a DNS patch is in the cards.

"We haven't seen any new information around attacks [but] the listing of updates slated for Tuesday does include the update we've been working on for this issue," he wrote. However, he added, "I do want to remind everyone that the information in the advance notification is subject to change, as we continue testing until we release on Tuesday."

Microsoft DNS:
DNS worm strikes at Microsoft flaw: A new worm called Rinbot.BC exploits the Microsoft DNS flaw by installing an IRC bot on infected machines and scanning for other vulnerable servers.

Microsoft investigates DNS server flaw: Attackers could exploit a DNS flaw in Microsoft Windows 2000 Server and Windows Server 2003 and run malicious code on the system. A workaround is suggested until a patch is issued.

Avoiding the scourge of DNS amplification attacks: DNS amplification attacks can generate enough bogus traffic to blow almost anyone off the Internet. Learn how these packet flood attacks work and how to defend your organization.

The DNS Server Service flaw, which has been attacked on a limited scale in recent weeks, is particularly troublesome because it affects DNS servers, which do the work of resolving domain names to the actual IP addresses of the Web servers hosting the requested sites.

The DNS Server Service fix will be part of a patch rollout that includes two updates for Windows, three for Office, one for Exchange and one for CAPICOM and BizTalk. Many of the updates will address critical security holes, Microsoft said in an advance bulletin on its TechNet Web site.

Meanwhile, the software giant will update its malware removal tool and offer a Webcast on the Microsoft Web site Wednesday at 11 a.m. PT. Customers can use the Webcast to ask questions about the patches.

The company will also release one non-security, high-priority update for Windows on Windows Update (WU) and Software Update Services (SUS) and six non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).