. Updated Daily. Editions SDA India   SDA Indonesia
JAX Asia 2008 - Conference for Enterprise Java, SOA, Spring, Web Services, Ajax, Agile and more
BUSINESS ENTERPRISE SOLUTIONS ARCHITECTURE INFORMATION SECURITY WIRELESS & MOBILITY DATA & STORAGE DEVELOPMENT HARDWARE













News

Monday, 16 April 2007

RPC Flaw Could Expose Microsoft DNS Servers to Remote Exploits

 

 

A vulnerability in Microsoft's Domain Name System (DNS) Server Service has been uncovered. According to security gurus, this is a serious flaw to have a patch released before the scheduled time.

Due the flaw, a fraudster can send a Remote Procedure Call (RPC) packet to the interface and run malicious code on the system.

The vulnerability can pose a threat to the remote management part of the DNS server. The problem being, a fraudster can influence the core functionality with this flaw.

The flaw was discovered in Microsoft Windows 2000 Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Microsoft said Windows XP Service Pack 2, and Windows Vista does not contain the vulnerable code.

Amol Sarwate, director of the vulnerability research lab at Redwood Shores, said, "This flaw affects the remote management part of the DNS server, but if someone is able to exploit it, they could change anything or impact the core functionality".

Adrian Stone, a Microsoft researcher, said the workaround involves disabling remote management over RPC capability for DNS Servers through the registry key setting.



 
 
print save email comment

print

save

email

comment
 
 

Search SDA Asia

Free eNewsletter
SDA Asia Magazine Free Download
 
 
 
Copyright @ 2008 SDA Asia Magazine - All Right Reserved Privacy Policy | Terms of Use