Microsoft Vulnerability in RPC on Windows DNS Server
As a follow up to our diary earlier this week about a potential new DNS Vulnerability,  Microsoft has released an advisory in regard to the vulnerability.  Microsoft has investigated and it appears a vulnerability exists that could allow an attacker to run code under the Domain Name System Server service.  This service by default runs as the local SYSTEM id. 

Microsoft has a few suggested actions that can mitigate the risk.

  1. Disable remote management over RPC for the DNS server via a registry key setting.
  2. Block unsolicited inbound traffic on ports 1024-5000 using  IPsec or other firewall.
  3. Enable the advanced TCP/IP Filtering options on the appropriate interfaces of the server.

For more information, please see  KB 935964 (Vulnerability in RPC on WIndows DNS Server Could Allow Remote Code Execution).

Scott Fendley
ISC Handler


191 Posts
ISC Handler
Apr 13th 2007

Sign Up for Free or Log In to start participating in the conversation!