Friday, April 13, 2007

Microsoft Security Advisory (935964)

Microsoft has released Security Advisory 935964 – Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution - on 12 April 2007.

Update: See Jesper's Blog post,
Turn off RPC management of DNS on all DCs, for instructions for disabling RPC management on DNS on a large number of DCs or DNS servers.


Microsoft is investigating new public reports of a limited attack exploiting a vulnerability in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Microsoft Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista are not affected as these versions do not contain the vulnerable code.

Microsoft's initial investigation reveals that the attempts to exploit this vulnerability could allow an attacker to run code in the security context of the Domain Name System Server Service, which by default runs as Local SYSTEM.

Upon completion of this investigation, Microsoft will take appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.


Review Microsoft Security Advisory 935964 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQ) and links to additional resources.

Customers who believe they are affected can contact Product Support Services. Contact Product Support Services in North America for help with security update issues or viruses at no charge using the PC Safety line (1-866-PCSAFETY). International customers can use any method found at this location:

International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site:


No comments: