Microsoft is warning users of a new attack targeting a vulnerability in Windows
Server 2000 and 2003.
Users of Windows XP and Vista are not vulnerable to the attack, which targets
the domain name system (DNS) server component by using a specially-crafted
remote procedure call (RPC).
DNS servers are used to link a server's IP address to its domain name. When
executed, the exploit allows an attacker to remotely execute code on the target
machine.
The vulnerability was first reported by Microsoft on 13 April as a
proof-of-concept. By 16 April, two variants of attacks on the vulnerability were
reported.
Security firm Secunia rated the vulnerability as 'highly critical', the
company's second-highest alert level.
Microsoft has listed a number of methods for administrators to mitigate the
vulnerability, including disabling certain ports on a firewall and editing the
machine's DNS registry.
All these moves, however, will disable the ability to remotely manage a
machine's DNS server component via RPC commands.
Microsoft said that the number of reported attacks is very limited, and the
company plans to have the vulnerability patched by next month's Patch Tuesday
release, although it has not ruled out an earlier patch if attacks persist.
"Because DNS is a critical part of the networking infrastructure, they also
have to be tested to ensure that changes introduced by the updates do not pose a
greater risk than the security issue we are addressing," said Microsoft Security
Response Center researcher Christopher Budd.