Cybercrooks exploiting new Windows DNS flaw

Cybercrooks are using a yet-to-be-patched security flaw in certain Windows versions to attack computers running the operating systems, Microsoft warned late Thursday.

The attacks target Windows 2000 Server and Windows Server 2003 systems through a hole in the domain name system, or DNS, service, Microsoft said in a security advisory. The attacks happen by sending rigged data to the service, which by design is meant to help map text-based Internet addresses to numeric Internet Protocol addresses.

"An anonymous attacker could try to exploit the vulnerability by sending a specially crafted RPC packet to an affected system," Microsoft said in the advisory. RPC, or Remote Procedure Call, is a protocol that applications use to request services from programs on another computer in a network. RPC has been involved in several security bugs before, including in the vulnerability that let the Blaster worm spread.

The French Security Incident Response Team deems the Windows DNS vulnerability "critical," its highest rating.

The DNS and RPC warning comes days after Microsoft issued its April security patches. At the same time security experts have issued warnings on multiple zero-day flaws in Office and another one in Windows.

The latest vulnerability is a stack-based buffer overrun, Microsoft said. This is a common type of coding problem that has caused many headaches for Microsoft and Windows users. A successful attack will give full control over a vulnerable machine without any user interaction, Microsoft said.

There are "limited attacks" that exploit the issue, Microsoft said. The software maker said it is finishing a security update for Windows to repair the problem. Microsoft did not say when it plans to release the update. The company's next "Patch Tuesday" is on May 8, though if attacks increase a patch could be released out of that cycle.

While it works on the fix, Microsoft suggests several work-arounds for users of affected Windows versions. These include disabling remote management over RPC capability for DNS servers, blocking specific data ports using a firewall and enabling advanced filtering. Security firm Symantec on Thursday urged users to apply the work-arounds.

"Customers are advised to?apply the appropriate work-arounds as soon as possible, in the event that the attacks become more widespread," Symantec said in an alert sent to subscribers of its DeepSight security intelligence service.

Windows XP and Windows Vista are not impacted by the DNS flaw. Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 are vulnerable, Microsoft said.

[linuxninja39]

Windows more secure than Linux or anything else for that matter???

I would like to expose 2 myths that I sometimes see still cropping up.

1) Windows is more secure Linux.
These types of claims are then based on the number of listed vulnerabilities over a period of time, and the average time to resolve. Both of those numbers are completely irrelevant. The truth here is this. When was the last time you saw, read about or heard about a remote root level exploit on Linux that was going to take 3 WEEKS to fix? I have been in the IT industry for almost 10 years and I can not think if any such situation. However a simple google search will show you a very large number of such situations regarding Windows. There is no other matrix that can compare. You can not compare a local KDELibs DoS "exploit" to a remote root one.

2) If Linux has as high a market share it would get just as many exploits.
The truth here is that Linux/Unix run more web servers and DNS servers than all Windows platforms combined. And yet its the Windows system that continue to get cracked.

To conclude, while you certainly CAN lock down a Windows system, it is by design an inferior platform.

[Stating]

Redundant: All Flaws Are Unpatched

I am sick and tired of hearing the phrase "a yet as unpatched flaw". All software flaws, known and unknown, that exist in released software are unpatched until they are patched. How many unknown flaws in software do you suppose are unpatched? Billions! How many known flaws in software do you suppose are unpatched? Millions!

[Penguinisto]

The Cure

tinydns:
http://tinydns.org

[n3td3v]

cybercrooks

go and stop using that phrase, you're over using it.

don't turn into robert lemos please over using certain words and phrases.