Microsoft Security Advisory 935964 Posted


Hey everyone this is Adrian Stone,


I wanted to let people know that we have just posted Microsoft Security Advisory (935964).


This advisory talks about a limited attack exploiting a vulnerability in the Domain Name System (DNS) Server Service. Our investigation has shown that this affects Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Microsoft 2003 Service Pack 2. Because this is a server service, Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista are not affected as they do not contain the vulnerable code.


We’ve activated our Software Security Incident Response Process (SSIRP) to investigate and have identified steps customers can take to protect themselves in the workaround section. Our teams are working hard on a security update to address the vulnerability. In the meantime, we encourage customers to review the advisory and implement the workarounds.


While the attack appears to be targeted and not widespread, we are monitoring the issue and are working with our MSRA partners to monitor and help protect customers. We will update the Advisory and blog as new information becomes available.


Thanks,


Adrian


*This posting is provided “AS IS” with no warranties, and confers no rights.* 


Comments (9)

  1. Anonymous says:

    Microsoft has released Security Advisory 935964 – Vulnerability in RPC on Windows DNS Server Could Allow

  2. Anonymous says:

    Seriously. Stop what you are doing, and turn of DNS RPC management on your DCs right now. If you administer

  3. Anonymous says:

    Hello everyone, This is Christopher Budd. As Adrian noted last night , we posted Microsoft Security Advisory

  4. Anonymous says:

    Microsoft has released Security Advisory 935964 – Vulnerability in RPC on Windows DNS Server Could Allow

  5. Anonymous says:

    The Microsoft Security Response Team is working around the clock to provide a solution to the vulnerability

  6. Anonymous says:

    If you don’t think the Microsoft Security Research Team hasn’t been busy and isn’t concerned about the

  7. Anonymous says:

    Hello everyone, This is Christopher Budd. I wanted to take a moment and provide a brief update on the