Saturday, April 14, 2007

Windows 2000/2003 DNS Server Service Zero Day Exploit

A new buffer overflow vulnerability with the RPC protocol for managing the DNS service in Windows 2000 (all SPs) and Windows 2003 (all SPs) has been discovered by hackers. Upon successful execution of this exploit, the attacker can run code with the security equivalent of SYSTEM (which is pretty much everything but the kitchen sink).

Microsoft says, in this article, to apply workarounds which includes disabling the RPC management for DNS, local management of DNS will still be possible.

Some security companies have flagged this critical, and i must agree with them. A lot of people will run DNS on a domain controller which holds Active Directory. Having successfully exploited on these domain controllers could leave your entire AD at risk. This could mean all sensitive user, Exchange and other related data could be at risk

It is also possible to perform advanced RPC filtering using application layer firewalls. Simply block MMC RPC connectivity to servers running DNS.

Client operating systems such as XP or Vista are not affected. ISS has raised it's AlertCon to 2 following this zero day exploit. If the exploit codes fall into wrong hands, this could potentially be another MSBLASTER like affect to Windows boxes.

KB: http://support.microsoft.com/kb/935964
Post a Comment