The KB 935964 DNS Server Vulnerability and SBS

[Today’s post comes to us courtesy of Mark Stanfill]

If you’re running SBS, you should be aware of a new vulnerability and how to mitigate it.  First, the references:

Main KB article:

http://support.microsoft.com/default.aspx/kb/935964

Microsoft Security Advisory:

http://www.microsoft.com/technet/security/advisory/935964.mspx

Others have covered this (here and here), but I wanted to weigh in as well.  The security advisory walks you through the steps (set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\RpcProtocol to 4 and restart the DNS Server service) in detail.  All SBS customers should implement this change as soon as possible.  All SBS servers run DNS by default.
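The registry change and service restart described above, as an added PowerShell example (not from the advisory or the original post). The `-Apply` switch and the `Get-RpcProtocol` helper are names introduced for this example; it assumes an elevated prompt on the server and that the DNS Server service has the short name `DNS`.

```powershell
# Added example: audit, and optionally apply, the RpcProtocol mitigation.
# Without -Apply the script only reports; with -Apply it writes the value
# and restarts the DNS Server service so the setting takes effect.
param([switch]$Apply)   # hypothetical switch name chosen for this example

$key      = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$name     = 'RpcProtocol'
$expected = 4           # value given in the security advisory

function Get-RpcProtocol {
    # Returns the current DWORD, or $null if the value was never created
    # (a missing value means the mitigation is not in place).
    $p = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($p) { $p.$name } else { $null }
}

$before = Get-RpcProtocol
$shown  = if ($null -eq $before) { '<not set>' } else { $before }
Write-Output "Current ${name}: $shown"

if ($before -eq $expected) {
    # The value alone does not prove the service was restarted after it was set.
    Write-Output "Value is already $expected. Restart the DNS service if that was not done."
    return
}

if (-not $Apply) {
    Write-Output "NOT MITIGATED. Re-run with -Apply to set $name to $expected."
    return
}

# Create or overwrite the DWORD; -Force replaces an existing value.
New-ItemProperty -Path $key -Name $name -PropertyType DWord `
                 -Value $expected -Force | Out-Null

# The DNS Server service only reads the setting at startup.
Restart-Service -Name DNS

# Verify both halves of the procedure before reporting success.
$after  = Get-RpcProtocol
$status = (Get-Service -Name DNS).Status
if ($after -eq $expected -and $status -eq 'Running') {
    Write-Output "Mitigation applied (previous value: $shown)."
} else {
    Write-Error "Check failed: $name=$after, DNS service status=$status"
}
```

Running it first without `-Apply` gives a read-only check that can be repeated across servers; the previous value is printed so the change can be reverted once the security update is installed.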

The advisory also advises that you block “TCP and UDP port 445 as well as all unsolicited inbound traffic on ports greater than 1024”.  The key word here is unsolicited.  Obviously, you don’t want to block port 3389 for RDP or 4125 for RWW, etc. if you are publishing those services.