The RPC interface of DNS service is prone to a buffer overflow vulnerability, which allows a remote attacker to gain local privileges of a victim host, according to Microsoft Security Advisory. All versions of Windows 2000 Server and 2003 might be affected.
NSFOCUS Security Team, after close tracking and profound analysis of the vulnerability, has found that it is a stack-based buffer vulnerability for which the exploit code can be easily compiled. The exploitation can be implemented anonymously without any authentication, therefore it is highly critical.
The vulnerability is reported to have been actively exploited. As a response, Microsoft has set about to developing the patch. NSFOCUS recommends users install the latest patch once available from Microsoft and victim users apply to the workaround below at the earliest opportunity.
Disable DNS service if not needed. Open Control Panel->Management Tools, locate DNS Client and disable it. If the service is needed, you may want to disable the RPC interface of DNS to block remote attacks.
1. To access the Registry Editor, click Start, click Run, type Regedit and then click Ok.
2. Browse to the following Registry Key:
"Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters"
then create a DWORD value with the name RpcProtocol.
3. Set the value to 4.
4. Restart DNS.
The normal DNS service is not affected by the configuration. |
