Releaselog

Hackers attacking another new Windows bug

A zero-day vulnerability in several of Microsoft’s server products could enable a hacker to divert the Web traffic of not just a single user but of a company’s entire roster of employees, the company warned this week. Microsoft released an advisory late Thursday warning users that it is investigating a “limited” number of attacks that are exploiting a vulnerability in the Domain Name System (DNS) Server Service. The bug could affect servers running Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 SP 1, and Windows Server 2003 SP 2. The advisory states that Windows Vista, along with Microsoft Windows 2000 Professional SP 4 and Windows XP SP 2, do not contain the flawed code, and so they are not affected. The exploits started to appear on the Internet mid-week.

“This is pretty dangerous,” said Amol Sarwate, manager of the vulnerability research lab at Qualys, Inc., a security company based in Redwood Shores, Calif. “This is not a desktop problem but a server problem, so it will affect all of the users in a company that use that server.” Microsoft noted in its advisory that the bug enables remote code execution, which the company generally ranks as a critical security risk.

The Internet Storm Center noted in its daily diary Friday that Microsoft is offering up a few workarounds, which by definition are not patches, but ways to run the software while mitigating some of the risk. Users can disable remote management for the DNS server. They can also block unsolicited inbound traffic on ports 1024-5000 using IPSec or other firewalls, and they can enable the advanced TCP/IP Filtering options on the appropriate interfaces of the server.

Luckily for me, I only have to take care of 2 Linux servers, which are used for Releaselog and some other websites…

Source: Microsoft, IT Week

Comments (3)

  1. MGS2
    April 14th, 2007 | 17:00

    Same here…Linux, BSD and Solaris user. :)

  2. 420
    April 14th, 2007 | 22:35

    Just give us time…

  3. April 15th, 2007 | 06:48

    Good ole MS, what would we do without their trustworthy security features.
