SANS ISC: Microsoft Vulnerability in RPC on Windows DNS Server SANS ISC InfoSec Forums

Microsoft Vulnerability in RPC on Windows DNS Server
As a follow-up to our diary earlier this week about a potential new DNS vulnerability, Microsoft has released an advisory on the issue. Microsoft has investigated, and it appears a vulnerability exists that could allow an attacker to run code in the context of the Domain Name System Server service. By default, this service runs as the local SYSTEM account.

Microsoft has a few suggested actions that can mitigate the risk.

  1. Disable remote management over RPC for the DNS server via a registry key setting.
  2. Block unsolicited inbound traffic on ports 1024-5000 using IPsec or another firewall.
  3. Enable the advanced TCP/IP Filtering options on the appropriate interfaces of the server.

For more information, please see KB 935964 (Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution).
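To check how exposed a DNS server is before and after applying mitigation 2, the following added example (not from the diary or from Microsoft) parses `netstat -ano` output and lists TCP listeners owned by the DNS service in the 1024-5000 range, plus any peers currently connected to them. The sample output, PID 1480 standing in for `dns.exe`, and the function names are constructed for illustration.

```python
# Port range the advisory says to block for unsolicited inbound traffic.
RPC_PORT_RANGE = range(1024, 5001)
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample of `netstat -ano` output; PID 1480 stands in for dns.exe.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  TCP    0.0.0.0:1029           0.0.0.0:0              LISTENING       1480
  TCP    127.0.0.1:1045         0.0.0.0:0              LISTENING       1480
  TCP    [::]:1030              [::]:0                 LISTENING       1480
  TCP    192.0.2.10:1029        198.51.100.7:4312      ESTABLISHED     1480
  UDP    0.0.0.0:53             *:*                                    1480
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (address, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def tcp_rows(netstat_text, pid):
    """Yield the five fields of each TCP row owned by the given PID."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP" and fields[4] == str(pid):
            yield fields

def exposed_listeners(netstat_text, dns_pid):
    """Non-loopback TCP listeners of dns_pid inside the advisory's port range."""
    found = []
    for fields in tcp_rows(netstat_text, dns_pid):
        addr, port = split_endpoint(fields[1])
        if fields[3] == "LISTENING" and port in RPC_PORT_RANGE and addr not in LOOPBACK:
            found.append((addr, port))
    return found

def inbound_peers(netstat_text, dns_pid):
    """Remote addresses with an established connection to one of those listeners."""
    ports = {port for _, port in exposed_listeners(netstat_text, dns_pid)}
    peers = []
    for fields in tcp_rows(netstat_text, dns_pid):
        _, local_port = split_endpoint(fields[1])
        if fields[3] == "ESTABLISHED" and local_port in ports:
            peers.append((split_endpoint(fields[2])[0], local_port))
    return peers
```

Any listener this reports is a candidate for the firewall or IPsec block; it identifies sockets by owner and port range only and does not confirm that a given port is the RPC management endpoint.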

---
Scott Fendley
ISC Handler

Apr 13th 2007