Cybercrooks exploiting new Windows DNS flaw
Cybercrooks are using a yet-to-be-patched security flaw in certain Windows versions to
attack computers running the operating systems, Microsoft warned late Thursday.
The attacks target Windows 2000 Server and Windows Server 2003 systems through a bug in the domain name system, or DNS, service, Microsoft said in a security advisory.
What is the vulnerability:
The vulnerability is believed to be caused by a stack overflow error in the Windows DNS Server's RPC interface implementation when processing malformed requests sent to a port between 1024 and 5000.
This means that remote unauthenticated attackers can execute arbitrary code with SYSTEM privileges by sending specially crafted requests to vulnerable systems.
"An anonymous attacker could try to exploit the vulnerability by sending a specially crafted RPC packet to an affected system," Microsoft said in the advisory.
What is RPC?
RPC, or Remote Procedure Call, is a protocol that applications use to request services from programs on another computer in a network.
Red Alert : The French Security Incident Response Team deems the Windows DNS vulnerability "critical," its highest rating.
Which OS's are Affected :
Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 are vulnerable, Microsoft said.
Caution to be taken :
Security experts are advising that users for the time being disable remote management over RPC capability for DNS Servers or block unsolicited inbound traffic on ports 1024 to 5000.
via [ Microsoft security advisory ]