
SANS ISC: Microsoft Vulnerability in RPC on Windows DNS Server - Internet Security | DShield SANS ISC InfoSec Forums

Microsoft Vulnerability in RPC on Windows DNS Server
As a follow-up to our diary earlier this week about a potential new DNS vulnerability, Microsoft has released an advisory on the issue. Microsoft has investigated, and it appears a vulnerability exists that could allow an attacker to run code in the context of the Domain Name System Server service. By default, this service runs as Local SYSTEM.

Microsoft has a few suggested actions that can mitigate the risk.

  1. Disable remote management over RPC for the DNS server via a registry key setting.
  2. Block unsolicited inbound traffic on ports 1024-5000 using IPsec or another firewall.
  3. Enable the advanced TCP/IP Filtering options on the appropriate interfaces of the server.
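
To check what mitigation 2 needs to cover on a given server, the following added example (not from Microsoft's advisory or the original diary) parses `netstat -ano` output and lists TCP listeners in the 1024-5000 range owned by the DNS service process. It assumes the service's RPC endpoint appears as such a listener and that the DNS process ID has been looked up separately; the function name, PID and netstat sample are constructed for illustration.

```python
import re

# Port range the advisory says to block for unsolicited inbound traffic.
RPC_DYNAMIC_RANGE = range(1024, 5001)

# Constructed sample of `netstat -ano` output (not captured from a real host).
# PID 1432 stands in for the DNS Server service process (assumption).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1034           0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       512
  TCP    127.0.0.1:1050         0.0.0.0:0              LISTENING       1432
  TCP    10.0.0.5:3389          10.0.0.9:4122          ESTABLISHED     2210
  UDP    0.0.0.0:53             *:*                                    1432
"""

# Matches only TCP sockets in the LISTENING state; captures address, port, PID.
LISTENER = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def exposed_listeners(netstat_text, dns_pid):
    """Return sorted (address, port) pairs where the process dns_pid listens
    on a non-loopback address inside the 1024-5000 range."""
    hits = []
    for line in netstat_text.splitlines():
        m = LISTENER.match(line)
        if not m:
            continue
        addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
        if pid != dns_pid or port not in RPC_DYNAMIC_RANGE:
            continue
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback only; not reachable from the network
        hits.append((addr, port))
    return sorted(hits)


if __name__ == "__main__":
    for addr, port in exposed_listeners(SAMPLE_NETSTAT, dns_pid=1432):
        print(f"DNS service listening on {addr}:{port}: "
              "confirm the firewall or IPsec filter blocks inbound access")
```

An empty result after the filter is in place does not prove the port is blocked, since the listener still exists locally; it only tells you which ports to test from another host.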

For more information, please see KB 935964 (Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution).

Scott Fendley
ISC Handler

