News

PatchLink issues workaround for Windows DNS Server flaw

Security firm PatchLink has issued an emergency workaround to identify the Domain Name System (DNS) Server Service vulnerability in Windows Server platforms, and enable users to temporarily defend themselves against exploits in the wild.

PatchLink’s automated DNS Zero-Day Remediation patch enables customers to identify if they are vulnerable, determine where the impacted DNS servers are located, and block known attack vectors to mitigate risks to their IT environment. 

Microsoft issued a security advisory last week about targeted attacks exploiting a vulnerability in the Windows DNS Server, and on Monday, announced that a worm appeared on the internet using the flaw.

The DNS Zero-Day Remediation workaround will help protect customers while they wait for an official patch from Microsoft, and can be uninstalled once the Microsoft patch is made available. 

Paul Zimski, director of product and market strategy at PatchLink, said, “While the current botworm exploits are unsophisticated, there is considerable danger that more sophisticated attacks could be in the works.

“The DNS servers are a particularly high value target because a hacker that ‘owns’ DNS servers can perform a ‘man in the middle’ attack. Although this attack isn't going to hit every desktop, it is very serious."

DNS worm strikes at Microsoft server flaw >>

Microsoft rates DNS Server flaw as dangerous >>

Comment on this article: computer.weekly@rbi.co.uk

David Lacey’s security blog >>
The latest ideas, best practices, and business issues associated with managing security

Stuart King’s risk management blog >>
Dealing with the operational challenges of information security and risk management


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy