Feeds

back to article Attacks exploit Windows DNS server flaw

Attackers are targeting a flaw in the DNS service for Windows server OSes that could hijack the computers that run them, Microsoft warns. The software behemoth advises admins to employ workarounds pending completion of its investigation. The vulnerability affects Windows 2000 Server, Service Pack 4 and SP 1 and SP2 versions of …

COMMENTS

This topic is closed for new posts.

Go back to best practice

Once upon a time there were rules.

One - there was code and there was data.

A process shall not write code nor execute data!

The operating system enforced the rule. A buffer overflow would cause the offending process to be aborted - annoying but intrusive code could not be executed.

Two - no application process shall run as God!

0
0

WeeWease the Pwiznahs!

I just came home from the local electronics store and, to be quite honest, had the most terrible time with the demo units and their pre-installed copies of Vista. Now I'm no idiot, having been in IT for over twenty years , but ye gods! What in the name of heaven did MS do to this release?! Its so slow and frankly more confusing than I cared to admit. After playing around, and thats what I do with every OS and their releases, I can honestly say there isn't much reason to move to this. The only sales this will likely get are the usual OEM copies that are regretably forced on the ignorant purchaser.

0
0
Silver badge

'Kick me'

Without wishing to minimise Microsoft's responsibility for this issue, I'd be horrified if any of my customers had servers with RPC ports exposed on the Internet. Any such configuration is just cruisin for a bruisin, IMHO.

If you need to allow remote management of your systems via the Internet, at least restrict access to an 'allow' list of addresses or (more flexibly) use a method that supports strong authentication, such as a VPN.

0
1

What Rules......?

"Once upon a time there were rules.

One - there was code and there was data.

A process shall not write code nor execute data!

The operating system enforced the rule. A buffer overflow would cause the offending process to be aborted - annoying but intrusive code could not be executed.

Two - no application process shall run as God!" ....... DavidN

Ergo Three Resolving One and Two ..... no application of shall not write code nor execute data shall run as God.

A Process executes Coded Data...Binary Signals ......Quantum Communication........ as a God is not Impossible but is IT Enough whenever there are So Many Goddesses. Virgin Nymphs in a State of Glorious Grace. Mary's Love ReBorn in ITs Worship.

0
0

Read the fine print and hit the "un-panic" button

"The name resolution functionality of the DNS service exposed over port 53 is not vulnerable to this attack."

This means while the RPC input can be exploited, any server sitting behind a firewall is safe as the firewall blocks RPC requests from the outside. You're JUST running a server? Don't panic and wait for a tested fix.

How you really want to take advantage of this vulnerability is to infect a workstation on the same side of the firewall as the DNS server. And, well, we can stop those before the fact. I did this for four years with a 0% infection track record.

0
0
This topic is closed for new posts.