Microsoft Discusses Vulnerability in its Server ProductsAfter Microsoft's disclosure of vulnerability in quite a number of its server programs, attackers are exploiting it to run illegal program on compromised computers, warned the software giant. So far, there have been limited attacks, according to a security advisory that Microsoft issued on April 12, 2007 late in the evening. While the company is set to work out a patch, it has not decided the release date, said a spokeswoman in London. The attacks aim at Windows 2000 Server and Windows Server 2003 programs by exploiting a flaw in the DNS (Domain Name System), Microsoft said in its advisory. The attacks take place as the miscreants send rigged data to the DNS. The function of the DNS is to interconnect respective textual Internet addresses with the corresponding numeric Internet Protocol address. The vulnerability can initiate a stack-based buffer overflow to the RPC interface of the DNS server. With the help of the RPC protocol, a program can acquire a service from software on another computer within the network. An attacker could take advantage of the security hole by dispatching a special RPC to the computer system, which would then enable to run a code, the company said. This is a general type of coding problem that has resulted in much concern for both Microsoft and users of Windows. If an attack is successful it will allow complete control over the weakened machine devoid of user interaction, Microsoft said. The problems with the DNS and RPC emerged after Microsoft released its security patches for the April 2007 bulletin. Concurrently, there are several 'zero-day' flaws in Microsoft Office and one in Windows, security experts have warned. In its "Protect Your PC" guidance, Microsoft lists ways to prevent an attack like deploying a firewall, applying security updates and installing anti-virus and spyware programs. Microsoft is also advising users to deactivate remote management over RPC working for DNS Servers via the registry key. In addition, customers need to block inbound unsolicited e-mails on ports between 1024 and 5000 and activate TCP/IP filtering to prevent attackers from exploiting this flaw. Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails ยป SPAMfighter News - 4/21/2007 |    |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!
 |  |
