Cybercrooks exploiting new Windows DNS flaw

muckshifter

I'm not weird, I'm a limited edition.
Moderator
Joined
Mar 5, 2002
Messages
25,751
Reaction score
1,210
Cybercrooks are using a yet-to-be-patched security flaw in certain Windows versions to attack computers running the operating systems, Microsoft warned late last week.

The attacks target Windows 2000 Server and Windows Server 2003 systems through a hole in the domain name system, or DNS, service, Microsoft said in a security advisory. The attacks happen by sending rigged data to the service, which by design is meant to help map text-based Internet addresses to numeric Internet Protocol addresses.

"An anonymous attacker could try to exploit the vulnerability by sending a specially crafted RPC packet to an affected system," Microsoft said in the advisory. RPC, or Remote Procedure Call, is a protocol that applications use to request services from programs on another computer in a network. RPC has been involved in several security bugs before, including in the vulnerability that let the Blaster worm spread.

The French Security Incident Response Team deems the Windows DNS vulnerability "critical," its highest rating.
... Full Story Here

Windows XP and Windows Vista are not impacted by the DNS flaw. Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 are vulnerable, Microsoft said
Enjoy!

:user:
 
Back
Top