News

Microsoft DNS Server Attacks Continue

By Scott M. Fulton, III | Published April 17, 2007, 12:55 PM

In an advisory this morning borrowing language used during previous statements about completely different exploits, Microsoft's Security Response Center team confirmed that it has seen at least one new wave of attacks based on proof-of-concept code impacting its DNS server software in Windows Server-based systems.

The concept enables malicious users to run code remotely under the system privileges generally granted to the DNS service itself. Although technically, the exploit does not directly threaten Internet routing the same way as the crafted IPv6 header problem in Cisco routers that also periodically rears its ugly head (or heads its ugly rear), this exploit can impact the routing of e-mail and other IP traffic within an enterprise or limited domain.

Yesterday, Microsoft acknowledged that the proof-of-concept code discovered by engineers and reported by BetaNews was responsible for the first rash of attacks. But that acknowledgment was confused by multiple press sources as having been an indication that the code was just released, when in fact, the code may have been publicly disseminated for at least a matter of weeks, if not longer.

ZDNet blogger George Ou told BetaNews that Windows Server systems using DNS services could protect themselves more practically than Microsoft suggested. In a post for TechRepublic, he suggests users employ host-based firewalls in addition to external firewalls. Those external firewalls, he suggests, should block all ports by default except for UDP port 53 to the DNS server that's connected to the broader Internet.

In the host-based system, policies can be crafted to open incoming ports 1024 through 5000 only for stations that may be managing the DNS server remotely. Then port 3389 can be opened for stations to be reached via Remote Desktop. This way, internal traffic on the affected ports is more open, though controlled, while access to those ports remains blocked from outside the gateway.

Comments

sfraider24
Apr 22, 2007 - 7:35 PM

Can't we always expect DNS server attacks to continue? Especially against Microsoft software as it is far and away the most widely used.

-SF
http://www.wasatchsoftware.com

Score: 0

|
Post Reply
NULLedge
Apr 18, 2007 - 11:34 AM

thats the ms i know and love

Score: 0

|
Post Reply
Scotch Moose
Apr 17, 2007 - 3:30 PM

Why do they always poke in the soft spots?

Score: 0

|
Post Reply
rsx508
Apr 18, 2007 - 8:23 AM

...because it's worked so well for the porn industry. :)

Score: 0

|
Post Reply
bbfc
Apr 18, 2007 - 12:58 PM edited

LOL!!!! :) (That is a classic!!)

Score: 0

|
Post Reply

Don't wait for Microsoft's patch: Secure Windows now from today's 0-day

Microsoft is recommending users simply get rid of a vulnerable ActiveX control that no one even uses any more. We'll show you how to do that right now.

Nokia: Android? Are you crazy?

Rumors about new Android devices abound, but Nokia squashes this one.

Symantec goes live with Norton 2010 betas

Norton Internet Security and Norton Antivirus 2010 are now available for testing.

What's Now: Drenched with 'Purple Ra1n,' iPhone users caught eating 'redsn0w'

Plus: Symantec and McAfee go to war, and what's LucasArts building in its top-secret, moon-shaped orbital facility?

In New York, online booze loses a Circuit Court decision

Court worried about gangster influence if liquor purchased directly.

British Telecom sacks bitterly unpopular Phorm ad platform

Phorm under BT is no more, but the targeted ad service could still go on under Virgin or TalkTalk.

CBS is the last man standing against Hulu

Popular streaming syndication site Hulu now has all the major networks in its camp except CBS.

Not just Vista: The operating system is dying, too

Carmi Levy: Wide Angle Zoom Vista's troubles point to a bigger shift that will affect more than just Microsoft.

Bolt: the dark horse mobile browser

Bitstream's small-footprint mobile browser is available in Beta 3

IE8 WSUS update push to begin August 25

After months of availability to users willing to seek it out, Internet Explorer 8 will be rolled into Windows Server...

Geeks vs. journalists: A tale of two worldviews

Recovery with Angela Gunn Why geeks think most mainstream journalism is flaky, and why the mainstream thinks geeks are trying to kill them. (They're both right.)

Can Linux do BitLocker better than Windows 7?

Betanews kicks off a new series with a look at how the Linux operating system's FDE stacks up against BitLocker, the Windows feature that today commands a $120 premium.

Windows 7 ISO Verifier 1.0

July 6 - 5:40 PM ET

ProgDVB 6.10.2

July 6 - 5:19 PM ET

FreeBSD 8.0 Beta 1

July 6 - 4:58 PM ET

AOL Instant Messenger for Windows 7.0.5.30 Beta 2

July 6 - 4:37 PM ET

K-Lite Codec Pack Update 4.9.8 Build 20090706

July 6 - 4:16 PM ET

K-Lite Codec Pack 64-bit 2.5.0

July 6 - 3:55 PM ET

SysCheckUp 1.4.0

July 6 - 3:34 PM ET