Security Watch

Keeping Track of patches and hacks in the IT security world.

Don't Hold Your Breath for a MS DNS Hole Patch

Microsoft says it hopes to patch the hole in its Domain Name System Server—which is now leaving vulnerable PCs open to a worm attack—by "no later" than Patch Tuesday in May.

Microsoft teams are working around the world and around the clock to get a fix out for the May 8 security bulletin release, the MSRC's Christopher Budd wrote in the security center's blog on Tuesday night.

Budd said that Microsoft teams are now developing and testing 133 separate updates, including one in every language for every currently supported version of Windows servers.

"Each of these has to be tested to ensure they effectively protect against the vulnerability," Budd said. "Because DNS is a critical part of the networking infrastructure, they also have to be tested to ensure that changes introduced by the updates don't pose a greater risk than the security issue we're addressing."

Microsoft has updated its Windows Live Safety Scanner and Windows Live One Care overnight to protect customers from attack. As part of the company's SSIRP (Software Security Incident Response Process) the company has also fed information to MSRA partners so their products can better protect customers. Microsoft has also been working with its partners in the Global Infrastructure Alliance for Internet Safety (GIAIS) program to stem the spread of attacks.

Budd also said that Microsoft has been working through the night with its MSRA (Microsoft Security Response Alliance) partners and so far has not seen widespread attacks.

However, he said, the zero-day vulnerability, which was discovered last week, and the subsequent attacks—which culminated in the launch of a worm attack mere days after Microsoft first noted exploits of the flaw—constitute a "developing situation" that could impact the status of Microsoft's patching and testing process, Budd said.

Microsoft is yet again urging users to deploy workarounds presented in its security advisory, saying that the workarounds are an effective protection against the attacks seen to date. In particular the company wants users to evaluate the key workaround and to make sure they're using the latest signatures for their security protection products.