Microsoft Discusses Vulnerability in its Server Products
After Microsoft's disclosure of vulnerability in quite a number of its server programs, attackers are exploiting it to run illegal program on compromised computers, warned the software giant.
So far, there have been limited attacks, according to a security advisory that Microsoft issued on April 12, 2007 late in the evening. While the company is set to work out a patch, it has not decided the release date, said a spokeswoman in London.
The attacks aim at Windows 2000 Server and Windows Server 2003 programs by exploiting a flaw in the DNS (Domain Name System), Microsoft said in its advisory. The attacks take place as the miscreants send rigged data to the DNS. The function of the DNS is to interconnect respective textual Internet addresses with the corresponding numeric Internet Protocol address.
The vulnerability can initiate a stack-based buffer overflow to the RPC interface of the DNS server. With the help of the RPC protocol, a program can acquire a service from software on another computer within the network.
An attacker could take advantage of the security hole by dispatching a special RPC to the computer system, which would then enable to run a code, the company said.
This is a general type of coding problem that has resulted in much concern for both Microsoft and users of Windows. If an attack is successful it will allow complete control over the weakened machine devoid of user interaction, Microsoft said.
The problems with the DNS and RPC emerged after Microsoft released its security patches for the April 2007 bulletin. Concurrently, there are several 'zero-day' flaws in Microsoft Office and one in Windows, security experts have warned.
Microsoft is also advising users to deactivate remote management over RPC working for DNS Servers via the registry key. In addition, customers need to block inbound unsolicited e-mails on ports between 1024 and 5000 and activate TCP/IP filtering to prevent attackers from exploiting this flaw.
Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails
» SPAMfighter News - 21-04-2007