April 19, 2007 8:24 AM PDT

Microsoft preps 133 patches for Windows DNS hole

by Joris Evers

Font size
Print
E-mail
Share
3 comments

Microsoft plans to have a fix for the recently disclosed Windows Domain Name System service flaw available by its May 8 patch day at the latest.

"This is a developing situation and we are constantly evaluating the situation and the status of our development and testing of updates," Christopher Budd, a Microsoft Security Response Center staffer wrote on a corporate blog Tuesday.

Microsoft is working on 133 separate updates for the problem, Budd wrote.

"One in every language for every currently supported version of Windows servers," he wrote. "Each of these has to be tested to ensure they effectively protect against the vulnerability."

The security vulnerability affects Windows 2000 Server and Windows Server 2003. Microsoft last week warned that it had already heard of a "limited attack" exploiting the flaw. Since then exploit code was publicly disclosed and a variant of the Nirbot worm that takes advantage of the hole has surfaced.

The attacks on the DNS service happen when someone sends rigged data to it. The service is meant to help map text-based Internet addresses to numeric Internet Protocol addresses. The vulnerability affects the DNS RPC interface. RPC, or Remote Procedure Call, is a protocol used by applications to send requests across a network.

Because DNS is a critical part of the networking infrastructure, Microsoft is taking special care with its patches, Budd wrote. "They also have to be tested to ensure that changes introduced by the updates don't pose a greater risk than the security issue we're addressing," he wrote.

Topics:: Security,; Microsoft

Tags:: Patches,; Security,; Windows

Share:: Digg; Del.icio.us; Reddit; Facebook; Twitter

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

Inside CNET News

Scroll Left Scroll Right

2010 CES
Intel's 'Turbo Boost' Core i5 comes to HP laptops
The Core i5 and the Core i3 are the first Intel laptop processors to combine two processor cores and a graphics function in one chip package
Gallery
Unboxing the Nexus One (photos)
Apple
Apple acquires Quattro Wireless
It's official. The acquisition of the mobile advertising company comes when Google--suddenly Apple's big rival in mobile--has made plans to acquire competitor AdMob.
Beyond Binary
Windows Mobile glitch dates 2010 texts 2016
Microsoft says it is working with mobile partners to fix a problem causing SMS messages sent after New Year's Day to appear as if they were sent from the future.
Video
Nexus One: The big reveal (video)
Technically Incorrect
'Kill Obama' Facebook group active for over a month
A group whose name appeared to advocate the demise of the president survives on Facebook since November and is removed only after CNET draws Facebook's attention to it.
Video
Hands on with Google's Nexus One (video)
The Social
Now you can play Foursquare anywhere
Mobile location-sharing service was only open to users in a few dozen cities, but has now opened up to the world at large--giving it an advantage in the hot "geo" market.
The Digital Home
NASA's Kepler finds five 'hot Jupiters'
After less than a year in operation, NASA's Kepler space telescope finds five new exoplanets in our galaxy. Unfortunately, none of them is habitable.
Gallery
Google unveils its 'super phone' (photos)
2010 CES
Bright idea: Klipsch LightSpeakers
Klipsch's LightSpeaker is the first product to combine efficient LED lighting and wireless ambient sound into a single unit that installs like a light bulb.
2010 CES
Whirlpool, Direct Energy assemble home energy system
Will home networks get smart to energy management? Whirlpool and Direct Energy team with a display maker and Best Buy in a big to automate savings.