It does NOT effect the DNS port - ONLY RPC connections. So, if someone has
Correct.
Assuming that everyone is firewalling their servers so that only necessary >ports are open on the outside, this is not a high priority item.
However, for ISP's that use MS DNS servers and do remote management from the
inside - their customers could potentially exploit them.
I have worked with folks who run services other than mail on their DNS
servers. One example is FTP. With passive ftp high ports 1024+ need to be
open both ways. So if they are using standard ACL's and not a firewall this
could lead to some trouble as well.
Darrell
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL
PROTECTED])
Sent: Friday, April 13, 2007 10:08 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution
FYI - This looks pretty serious and will probably affect most of us.
This alert is to notify you that Microsoft has released Security Advisory
935964 - Vulnerability in RPC on Windows DNS Server Could Allow Remote Code
Execution - on 12 April 2007.
Summary:
Microsoft is investigating new public reports of a limited attack exploiting
a vulnerability in the Domain Name System (DNS) Server Service in Microsoft
Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and
Windows Server 2003 Service Pack 2. Microsoft Windows 2000 Professional
Service Pack 4, Windows XP Service Pack 2, and Windows Vista are not
affected as these versions do not contain the vulnerable code.
Microsoft's initial investigation reveals that the attempts to exploit this
vulnerability could allow an attacker to run code in the security context of
the Domain Name System Server Service, which by default runs as Local
SYSTEM.
Upon completion of this investigation, Microsoft will take appropriate
action to help protect our customers. This may include providing a security
update through our monthly release process or providing an out-of-cycle
security update, depending on customer needs.
Recommendations:
Review Microsoft Security Advisory 935964 for an overview of the issue,
details on affected components, mitigating factors, suggested actions,
frequently asked questions (FAQ) and links to additional resources.
Customers who believe they are affected can contact Product Support
Services. Contact Product Support Services in North America for help with
security update issues or viruses at no charge using the PC Safety line
(1-866-PCSAFETY). International customers can use any method found at this
location: http://support.microsoft.com/security.
International customers can receive support from their local Microsoft
subsidiaries. There is no charge for support that is associated with
security updates. For more information about how to contact Microsoft for
support issues, visit the International Support Web site:
http://support.microsoft.com/common/international.aspx.
Additional Resources:
* Microsoft Security Advisory 935964 - Vulnerability in RPC on Windows DNS
Server Could Allow Remote Code Execution -
http://www.microsoft.com/technet/security/advisory/935964.mspx
* MSRC Blog:
http://blogs.technet.com/msrc/
Note: check the MSRC Blog periodically as new information may appear there.
Regarding Information Consistency:
We strive to provide you with accurate information in static (this mail) and
dynamic (web-based) content. Security Advisories posted to the web are
occasionally updated to reflect late-breaking information. If this results
in an inconsistency between the information here and the information in the
web-based Security Advisory, the information in the web-based Security
Advisory is authoritative.
If you have any questions regarding this alert please contact your Technical
Account Manager or Application Development Consultant.
Thank you,
Microsoft PSS Security Team
-------------------------------------------
Check out http://www.invariantsystems.com for utilities for Declude, Imail,
mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI
integration, MRTG Integration, and Log Parsers.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
-------------------------------------------
Check out http://www.invariantsystems.com for utilities for Declude, Imail,
mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI
integration, MRTG Integration, and Log Parsers.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
