
SANS ISC: Microsoft Vulnerability in RPC on Windows DNS Server - Internet Security | DShield SANS ISC InfoSec Forums


Microsoft Vulnerability in RPC on Windows DNS Server
Following up on our diary earlier this week about a potential new DNS vulnerability: Microsoft has released an advisory on the issue. Microsoft has investigated, and it appears a vulnerability exists that could allow an attacker to run code in the context of the Domain Name System Server service. By default, this service runs as the local SYSTEM account.

Microsoft has a few suggested actions that can mitigate the risk.

  1. Disable remote management over RPC for the DNS server via a registry key setting.
  2. Block unsolicited inbound traffic on ports 1024-5000 using IPsec or another firewall.
  3. Enable the advanced TCP/IP Filtering options on the appropriate interfaces of the server.

For more information, please see KB 935964 (Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution).

---
Scott Fendley
ISC Handler

