Microsoft DNS Server Vulnerability

Microsoft released an advisory concerning a new vulnerability in their DNS system software running on their servers. Anyone able to exploit this vulnerability could run in the context of the DNS server, which by default runs as local System.

Microsoft is investigating new public reports of a limited attack exploiting a vulnerability in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Microsoft Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista are not affected as these versions do not contain the vulnerable code.

Microsoft?s initial investigation reveals that the attempts to exploit this vulnerability could allow an attacker to run code in the security context of the Domain Name System Server Service, which by default runs as Local SYSTEM. Source: Microsoft Security Advisory (935964) – Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution.

The workaround? Disable remote management over RPC capability for DNS Servers through the registry key setting, visit the advisory for steps on how to do this.