14 DAY TRIAL // Windows Vista is Microsoft's new axis mundi. Vista is furthermore the central architecture of the Redmond Company's security efforts. A comparison between the impact of the Windows Animated Cursor Handling vulnerability and the DNS flaw comes to prove this point.
Just after five days since the .ANI file format vulnerability became public, Microsoft issued an out of band security update addressing the issue. Two days after Microsoft's Monthly bulletin release cycle, on April 12, the Redmond Company warned of limited and targeted attacks against a vulnerability in the Domain Name System (DNS) Server Service for Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Microsoft 2003 Service Pack 2. At this point in time, Microsoft plans to make available a security update on May 8, 2007.
"We've not seen any new developments in the DNS situation," revealed Christopher Budd, Security program manager with the Microsoft Security Response Center, proving that when it's not about Windows Vista, it's not on the map.
"With the ongoing development and testing work from our teams on the issue, we are increasingly confident that we will have an update of appropriate quality for broad distribution in time for the May 8, 2007 monthly bulletin release. Also, our ongoing monitoring and work with our Microsoft Security Response Alliance (MSRA) partners shows no new malicious software attempting to exploit this vulnerability, and the information we posted about malicious software attempting to exploit this vulnerability last Thursday remains current," Budd added.
Microsoft informed that the company continues to keep a close eye on the evolution of the situation and that plans might change only in the context of an unpredicted event.