Friday, April 13, 2007

New Microsoft DNS Server Exploit

There is an exploit in the wild, although not yet public, that takes advantage of a flaw in RPC on Windows DNS Server. Microsoft has issued a security advisory with some recommendations on how to protect your computers while waiting for a patch from Microsoft.

Here is a list of affected operating systems:

  • Windows 2000 Server Service Pack 4

  • Windows Server 2003 Service Pack 1

  • Windows Server 2003 Service Pack 2

The best advise from Microsoft on this issue at the moment is to disable RPC capability for DNS servers by changing a registry value. From Microsoft's advisory:

  1. On the start menu click 'Run' and then type 'Regedit' and then press enter.
  2. Navigate to the following registry location:

  3. On the 'Edit' menu select 'New' and then click 'DWORD Value'

  4. Where 'New Value #1' is highlighted type 'RpcProtocol' for the name of the value and then press enter.

  5. Double click on the newly created value and change the value's data to '4' (without the quotes).

  6. Restart the DNS service for the change to take effect.

And you should make sure you are blocking all unsolicited traffic on ports over 1024. In fact, you should block all unsolicited incoming traffic period. Use personal firewalls on individual machines and gateway firewalls between your machines and the Internet.

No comments: