14 DAY TRIAL // Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2 are taking heavy fire via a vulnerability in RPC on Windows DNS Server. Microsoft is contesting the fact that attacks are widespread, but despite this, the Redmond Company has made available no less than four updates to its original advisory informing of the DNS critical flaw.
"I wanted to let you know that we've made a revision to our security advisory to provide some additional details and clarifications. First, though, I wanted to let you know that the situation has not changed. Our teams are continuing to work on developing and testing updates for this issue, and our ongoing monitoring of the situation shows that attacks are still not widespread," revealed Christopher Budd, Security Program Manager with MSRC.
According to the Redmond Company, there are no less than four items of malicious code involved with the exploitation of the DNS vulnerability: Siveras.B, Siveras.C, Siveras.D and Siveras.E. Also tracking the evolution of exploits targeting the DNS vulnerability, McAfee has warned that absolutely no user interaction is required for a successful exploit. The attack vector is - according to McAfee - malicious remote network traffic.
This is why Microsoft is advising that customers block a wide range of ports as mitigation measures until a security update will be made available most likely at the beginning of May. "All the workarounds are effective against attempts to exploit the vulnerability over RPC, port 445 and port 139. For port 445 and 139, an attacker will need to authenticate using a valid username and password. These do not allow unauthenticated attacks the same way RPC does. However, the guest account, which is disabled by default, could be used if it has been enabled," reads the latest addition to the Microsoft Security Advisory (935964).