Re: [ActiveDir] Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution Could Allow Remote Code Execution

Fri, 11 Aug 2006 09:05:22 -0700

Maybe you wouldn't exactly call it a utility tool, but WSUS can generate reports with all kinds of info regarding the status of patches for all machines in the domain.
It's free and has minimal hardware requirements. You can service all your machines via a GPO and, if you're the cautious type, wait for the bleeding edge people to report back before approving certain updates for your client machines. 

-mjm
_________________________________________________________________



Alex Alborzfard wrote:

What about MS06-040? I've heard it's a nasty one like blaster.
DHS has already issued a recommendation to apply this patch.

I remember using a utility tool that would list all applied patches on a
Windows box with all kind of information.
Anyone has ever used or knows anything about it?

Alex
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Tuesday, August 08, 2006 1:55 PM
To: [email protected]
Subject: [ActiveDir] Microsoft Security Bulletin MS06-041 Vulnerability
in DNS Resolution Could Allow Remote Code Execution

One of 12 today...but since it's DNS related


Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution 
Could Allow Remote Code Execution (920683):

http://www.microsoft.com/technet/security/Bulletin/MS06-041.mspx

For an attack to be successful the attacker would either have to be on a


subnet between the host and the DNS server or force the target host to 
make a DNS request to receive a specially crafted record response from 
an attacking server.



(and Brett...just a FYI... in my twig forest... any attacker that ends 
up on a subnet between a host and my DNS server [aka the Kitchen sink 
service server] ... that attacker is dead meat and has a 2x4 aimed his 
way... one advantage of being little)


Your patch folks may be calling up you AD guys for testing passes.

Workarounds:

*Block DNS related records at network gateways*


Blocking the following DNS record types at network gateways will help 
protect the affected system from attempts to exploit this vulnerability.


*       

ATMA

*       

TXT

*       

X25

*       

HINFO

*       

ISDN DNS


  

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx






















					Reply via email to