But from what I read last night, it is only serious if some one is running a MS DNS server that is not behind a firewall or otherwise has the range of ports in question open from the Internet.
John T > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Darrell ([EMAIL PROTECTED]) > Sent: Friday, April 13, 2007 7:08 AM > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] Vulnerability in RPC on Windows DNS Server > Could Allow Remote Code Execution > > FYI - This looks pretty serious and will probably affect most of us. > > This alert is to notify you that Microsoft has released Security > Advisory > 935964 - Vulnerability in RPC on Windows DNS Server Could Allow Remote > Code > Execution - on 12 April 2007. > > Summary: > > Microsoft is investigating new public reports of a limited attack > exploiting > a vulnerability in the Domain Name System (DNS) Server Service in > Microsoft > Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, > and > Windows Server 2003 Service Pack 2. Microsoft Windows 2000 Professional > Service Pack 4, Windows XP Service Pack 2, and Windows Vista are not > affected as these versions do not contain the vulnerable code. > > Microsoft's initial investigation reveals that the attempts to exploit > this > vulnerability could allow an attacker to run code in the security > context of > the Domain Name System Server Service, which by default runs as Local > SYSTEM. > > Upon completion of this investigation, Microsoft will take appropriate > action to help protect our customers. This may include providing a > security > update through our monthly release process or providing an out-of-cycle > security update, depending on customer needs. > > Recommendations: > > Review Microsoft Security Advisory 935964 for an overview of the issue, > details on affected components, mitigating factors, suggested actions, > frequently asked questions (FAQ) and links to additional resources. > > Customers who believe they are affected can contact Product Support > Services. Contact Product Support Services in North America for help > with > security update issues or viruses at no charge using the PC Safety line > (1-866-PCSAFETY). International customers can use any method found at > this > location: http://support.microsoft.com/security. > > International customers can receive support from their local Microsoft > subsidiaries. There is no charge for support that is associated with > security updates. For more information about how to contact Microsoft > for > support issues, visit the International Support Web site: > http://support.microsoft.com/common/international.aspx. > > Additional Resources: > > * Microsoft Security Advisory 935964 - Vulnerability in RPC on Windows > DNS > Server Could Allow Remote Code Execution - > http://www.microsoft.com/technet/security/advisory/935964.mspx > > * MSRC Blog: > http://blogs.technet.com/msrc/ > > Note: check the MSRC Blog periodically as new information may appear > there. > > Regarding Information Consistency: > > We strive to provide you with accurate information in static (this > mail) and > dynamic (web-based) content. Security Advisories posted to the web are > occasionally updated to reflect late-breaking information. If this > results > in an inconsistency between the information here and the information in > the > web-based Security Advisory, the information in the web-based Security > Advisory is authoritative. > > If you have any questions regarding this alert please contact your > Technical > Account Manager or Application Development Consultant. > > Thank you, > Microsoft PSS Security Team > > > ------------------------------------------- > Check out http://www.invariantsystems.com for utilities for Declude, > Imail, > mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI > integration, MRTG Integration, and Log Parsers. > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
