- Microsoft Windows 2000 Server Service Pack 4
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 Service Pack 2
- Microsoft Windows Small Business Server 2000*
- Microsoft Windows Small Business Server 2003*
Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista are not affected as they do not contain the vulnerable code.
Please note, in particular, that new information about the impact of some of the workarounds on systems with 15 character, or longer, system names has been added to the Security Advisory. In addition, Microsoft staff have noted that it is possible for a user with valid logon credentials to access the vulnerability over port 445.
See the workaround in the below-referenced Security Advisory and Jesper's Blog post, Turn off RPC management of DNS on all DCs for instructions for disabling RPC management on DNS on a large number of DCs or DNS servers.
References:
- Jesper's Blog
- MSRC Blog (15Apr07)
- MSRC Blog (14Apr07)
- MSRC Blog (13Apr07)
- MSRC Blog (12Apr07)
- Security Advisory 935964
No comments:
Post a Comment
Neither spam nor comments containing vulgarities will be approved.