Security Alert
Vulnerability in Microsoft DNS Server

Description
A vulnerability was found in Microsoft DNS server on Windows 2000 and Windows 2003 servers in last Thursday. The vulnerability is caused by stack buffer overflow in an RPC interface of the DNS service. Attackers can exploit the vulnerability by execute arbitrary code with SYSTEM privileges and gain total control of the server. The vulnerability is currently being actively exploited on a limited scale because most DNS servers are not open to public for RPC connection.

Product affected
* Windows 2000 server with SP 4
* Windows 2003 server with SP 1 or SP 2

Solution
This vulnerability is not yet patched at this moment.

Suggested workarounds
- Disable remote management over RPC capability for DNS servers by modify registry key setting. Pls refer to the following for the procedure:

Remark: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems

resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in regedit.exe.

Note: We recommend backing up the registry before you edit it.

1. On the start menu click 'Run' and then type 'Regedit' and then press enter.

2. Navigate to the following registry location: ¡§HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters¡¨

3. On the 'Edit' menu select 'New' and then click 'DWORD Value'

4. Where 'New Value #1' is highlighted type 'RpcProtocol' for the name of the value and then press enter.

5. Double click on the newly created value and change the value's data to '4' (without the quotes).

6. Restart the DNS service for the change to take effect.

 Firewall for protect RPC connection : Sonicwall UTM Firewall
Intrusion Prevention System: 3Com Tippingpoint, Mcafee IntruShield

Source
Microsoft





Promotion
Promotion 1: Hosted Exchange Service Promotion
Promotion 2: Microsoft Get The Power III

 Enquiry Hotline: 2102 5894    Email: marketing@nexus-hk.com
If you don't want to receive our marketing information, please email back to us with the subject of "Delete my record", we will promptly delete it. All the above informations are for reference only.