DNS fix expected in this week's MS updates

Stephen Withers
Monday, 07 May 2007 07:55

Your IT - Home IT

Microsoft's May security bulletins should include a fix for an exploited vulnerability in the DNS Server service in Windows 2000 SP4 and Windows Server 2003 SP1/SP2.

Microsoft program manager Christopher Budd wrote in the Microsoft Security Response Center blog "we haven’t seen any new information around attacks against the issue... Also, the listing of updates slated for Tuesday does include the update we’ve been working on for this issue."

The vulnerability surfaced just after April's Patch Tuesday. This is an increasingly common occurrence, apparently aimed at maximising the time between the first exploit and the likely release of a patch.

In a blog post around 10 days ago, Budd wrote "our ongoing monitoring and work with our Microsoft Security Response Alliance (MSRA) partners shows no new malicious software attempting to exploit this vulnerability.. [and the] indications are that attacks are still not widespread."

The Siveras malware family is known to exploit the DSN Server service vulnerability, but none of the first five variants are able to automatically self-propagate.

On April 24, Microsoft published a support article explaining how to disable remote administration of the DSN Server service as a prophylactic measure against exploits pending the availability of a permanent fix.

Windows XP and Vista are not affected by this flaw, as they do not include the relevant service.