Saturday, April 21, 2007

Work Around for RPC Vuln on Windows DNS Server - KB Article 936263

If you don't think the Microsoft Security Research Team hasn't been busy and isn't concerned about the RPC Vulnerability on Windows DNS Servers, just take a quick look at the MSRC Blog links listed below in References. Further, if you think that the May 8, 2007, date for inclusion in the monthly bulletin release is too much time for Microsoft to be taking to issue an update, consider this from the 17 April MSRC Blog entry:
"For this issue, our teams are working on developing and testing 133 separate updates: one in every language for every currently supported version of Windows servers. Each of these has to be tested to ensure they effectively protect against the vulnerability. Because DNS is a critical part of the networking infrastructure, they also have to be tested to ensure that changes introduced by the updates don’t pose a greater risk than the security issue we’re addressing."
That's right 133 separate updates to be tested, with new findings needing to be retested!

The most recent update is the release of Knowledge Base Article 936263, linked below. KB 936263 is a repackaged version of Jesper's instructions for disabling RPC management on DNS when this needs to be performed on a large number of DCs or DNS servers. Microsoft added some error handling to the package.

Please see the references below for complete information.


No comments: