Thursday, April 19, 2007

W32.Rinbot - Exploitation of Windows DNS and other vulnerabilities

It comes as no surprise that the exploitation of the MS DNS issue is out and around. According to Symantec, this particular worm executes several vulenrability checks (much like a security scanner) and exploits those that are vulnerable. In short, the process is completely automated and will drop codes inside your computer leaving it open for remote code execution.

It's odd as to why Symantec categorizes this threat as Low (for now). I would think its pretty high as the fixes for MS DNS is still in the bakery. So, please ensure your AV and Windows is constantly updated. As for the DNS issue, please apply the workaround as seen in my previous posts.

Excerpt from this article:

The worm scans network for computers vulnerable to the following vulnerabilities and exploits them:

  • The Microsoft DNS Server Service Could Allow Remote Code Execution (BID 23470) on TCP port 1025
  • The Microsoft Windows Server Service Remote Buffer Overflow Vulnerability (BID 19409) on TCP port 139
  • Symantec Client Security and Symantec AntiVirus Elevation of Privilege (BID 18107) on TCP port 2967
Post a Comment