funsec mailing list archives
Microsoft Investigating Vulnerability in Windows DNS Server
From: "Fergie" <fergdawg () netzero net>
Date: Fri, 13 Apr 2007 04:49:28 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Looks like it could be kind of serious (if verified). Via Microsoft Technet (hat-tip, SANS ISC). [snip] Microsoft is investigating new public reports of a limited attack exploiting a vulnerability in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Microsoft Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista are not affected as these versions do not contain the vulnerable code. Microsofts initial investigation reveals that the attempts to exploit this vulnerability could allow an attacker to run code in the security context of the Domain Name System Server Service, which by default runs as Local SYSTEM. [snip] More: http://www.microsoft.com/technet/security/advisory/935964.mspx http://isc.sans.org/diary.html?storyid=2627 - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.0 (Build 214) wj8DBQFGHwvNq1pz9mNUZTMRAg8tAJ9u/JyFRj0PV6Jz7r4rmjVRR8ZoAwCeJgOU LNJ6h5OeRpmzRnTa8nSJ0sQ= =Cg0c -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Microsoft Investigating Vulnerability in Windows DNS Server Fergie (Apr 12)