Microsoft: Dangerous DNS server bug in Longhorn code, too

Vikingod · Apr 14, 2007, 02:06 PM

Source: ComputerWorld
____________
Microsoft Corp.'s troubles with its newest operating systems continued today as it confirmed that an unpatched vulnerability in its current server software also exists in the still-beta code for Longhorn Server.

"Yes, Longhorn Server is affected," a Microsoft spokeswoman said today in an e-mail.

According to a security advisory released late yesterday, a zero-day vulnerability in the DNS Server Service in Windows 2000 Server (SP4) and Windows Server 2003 (SP1 and SP2) is being exploited by attackers, who send malformed RPC packets to the server.

Although Microsoft does not rank vulnerabilities until they are patched, most security companies and organizations have pegged this bug at or near their highest warning levels. Danish vulnerability tracker Secunia, for instance, labeled it "highly critical," while eEye Digital Security tagged it as "critical."

Apr 14, 2007, 02:06 PM	#1
Vikingod Int'l Fish Liaison Join Date: Jul 2004 Location: By the light of lamp I sit and type... Posts: 16,197 Rep Power: 112 System Specs	Microsoft: Dangerous DNS server bug in Longhorn code, too Source: ComputerWorld ____________ Microsoft Corp.'s troubles with its newest operating systems continued today as it confirmed that an unpatched vulnerability in its current server software also exists in the still-beta code for Longhorn Server. "Yes, Longhorn Server is affected," a Microsoft spokeswoman said today in an e-mail. According to a security advisory released late yesterday, a zero-day vulnerability in the DNS Server Service in Windows 2000 Server (SP4) and Windows Server 2003 (SP1 and SP2) is being exploited by attackers, who send malformed RPC packets to the server. Although Microsoft does not rank vulnerabilities until they are patched, most security companies and organizations have pegged this bug at or near their highest warning levels. Danish vulnerability tracker Secunia, for instance, labeled it "highly critical," while eEye Digital Security tagged it as "critical."