Neither Windows XP SP2 nor Windows Vista contains the vulnerable code

Apr 17, 2007 10:11 GMT

Microsoft and security developers Symantec and McAfee have all warned of increasing attacks targeting the zero-day vulnerability in RPC on Windows DNS Server, which can allow remote code execution if successfully exploited. Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2 are the only Microsoft products affected by the flaw. Since the initial announcement related to the attacks, Microsoft has revealed that neither Windows XP SP2 nor Windows Vista contains the vulnerable code.

"Our ongoing monitoring, in conjunction with our MSRA partners indicates that we are seeing a new attack that is attempting to exploit this vulnerability. At this time, the attack does not appear widespread. Once again, we want to strongly advise customers to deploy the workarounds in their environment as soon as possible. In particular, we're encouraging customers to deploy the registry key workaround. Also, we strongly urge customers to deploy the latest signatures for their security products," said Christopher Budd, Security Product Manager with the MSRC.

The information provided by the Microsoft Security Response Center does not paint a clear picture of the attacks targeting the Domain Name System (DNS) Server Service. However, McAfee and Symantec more than make up for the missing detail.

McAfee has warned of a Nirbot variant in connection with the DNS zero-day. Symantec has revealed that it has seen increasing activity on TCP port 1025 because the W32.Rinbot.BC worm is scanning for vulnerable computers. "W32.Rinbot.BC opens a back door that connects to the x.rofflewaffles.us domain and awaits for commands from the attacker. The intention behind this malware appears to be the same as any other bot: construction of a bot net," explained Shunichi Imano, Symantec Security Response Engineer.

Budd has said that Microsoft is working to produce a fix for this issue. Judging by the increasing attacks, Microsoft is heading for the second out-of-cycle update release in April.
