Monday, April 16, 2007

Microsoft DNS Server Exploits Abound

Over the weekend a number of exploits turned up that make it easy to attack the recently announced flaw in RPC found on Microsoft DNS Servers.

Those using best practices to firewall inbound connections to ports not explicitly needed should be protected. People who have Windows servers at colocation facilities or who use ISPs to host services where the ISPs don't have gateway firewalls set up are at risk.

Among the circulating exploits is an exploit module for Metasploit.

We're also beginning to see variants on established worms, in particular the Rinbot/Nirbot worm, taking advantage of this exploit. This behavior means that unprotected machines will likely be found soon, so please make sure you are following all of the suggestions in the Microsoft Advisory as well as following firewall best practices.

Note from the sponsor: the new worms are detected and stopped by the Gateway AntiVirus Softpak, while attempts to exploit the DNS RPC flaw are detected and stopped by the Intrusion Prevention Softpak. The InstaGate firewall is also instrumental in defending against this vulnerability.
