• On CBS MoneyWatch: At risk: your workplace skills
April 19, 2007 8:24 AM PDT

Microsoft preps 133 patches for Windows DNS hole

by Joris Evers

Microsoft plans to have a fix for the recently disclosed Windows Domain Name System service flaw available by its May 8 patch day at the latest.

"This is a developing situation and we are constantly evaluating the situation and the status of our development and testing of updates," Christopher Budd, a Microsoft Security Response Center staffer wrote on a corporate blog Tuesday.

Microsoft is working on 133 separate updates for the problem, Budd wrote.

"One in every language for every currently supported version of Windows servers," he wrote. "Each of these has to be tested to ensure they effectively protect against the vulnerability."

The security vulnerability affects Windows 2000 Server and Windows Server 2003. Microsoft last week warned that it had already heard of a "limited attack" exploiting the flaw. Since then exploit code was publicly disclosed and a variant of the Nirbot worm that takes advantage of the hole has surfaced.

The attacks on the DNS service happen when someone sends rigged data to it. The service is meant to help map text-based Internet addresses to numeric Internet Protocol addresses. The vulnerability affects the DNS RPC interface. RPC, or Remote Procedure Call, is a protocol used by applications to send requests across a network.

Because DNS is a critical part of the networking infrastructure, Microsoft is taking special care with its patches, Budd wrote. "They also have to be tested to ensure that changes introduced by the updates don't pose a greater risk than the security issue we're addressing," he wrote.

Topics:

Security,

Microsoft

Tags:

Patches,

Security,

Windows

Share:
Digg
Del.icio.us
Reddit
Recent posts from News Blog
Neil Young Archives Blu-ray: Rip off?
Acronis revises survey results about backup habits
Acronis miscalculates data on users' bad backup habits
Flickr co-founder presses beta button
Comcast, Sony open retail store
Cox to try coaxing the Internet into submission
Was InfoWorld's CTO of the Year award a year late?
VMWare VI4 renamed to vSphere
Related
Add a Comment (Log in or register) (3 Comments)
  • prev
  • 1
  • next
"133" Patches!!!!
by alundil April 19, 2007 9:29 AM PDT
I find it amusing that the author of this blog decided to headline the blog as if there were truly 133 individual and distinct patches being release by Microsoft to address this one vulnerability. I wouldn't count localized version of the patch as different patches. By the same logic, the author must believe that Microsoft sells at least 133 versions of Windows (etc.) and not just localized versions of the same.
Reply to this comment
Yes, according to M$
by Sparky672 April 19, 2007 10:41 AM PDT
C/Net's headline only reflects the comments of a M$ employee.
Reading the quotes within the article...

Quoting: "...Christopher Budd, a Microsoft Security Response
Center staffer wrote on a corporate blog Tuesday.

Microsoft is working on 133 separate updates for the problem,
Budd wrote.

'One in every language for every currently supported version of
Windows servers,' he wrote. 'Each of these has to be tested to
ensure they effectively protect against the vulnerability.'"


I find it interesting if true. Why would one have to fix and test
for each localized version? They should all be the same within
each version except for the language components.
Windows 2000 = Sevice Pack 5
by kieranmullen April 19, 2007 2:25 PM PDT
Getting up there in numbers eh Microsoft?

KieranMullen
Reply to this comment
(3 Comments)
  • prev
  • 1
  • next
advertisement

Making sense of Windows 7 upgrades

faq The basics and the fine print on Microsoft's options for those eyeing the next operating system from Redmond.
• Full Windows 7 coverage

Road Trip 2009: Big Sky Country

CNET News reporter Daniel Terdiman takes his car full of gadgets to the Rockies and the Great Plains in search of tech, science, nature, and more.
• America's Fortress: Cheyenne Mountain

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET