Security Watch

Keeping Track of patches and hacks in the IT security world.

List of Malicious MS DNS Flaw Exploits Still Growing

Microsoft on Thursday night added to its Malicious Software Encyclopedia four new malicious programs attempting to exploit the unpatched Domain Name System flaw in a broad array of its software. The company also added a new port to the list of ports that should be blocked for its Firewall and IPSec workarounds.

The MSRC's Christopher Budd wrote in the security center's blog that attacks are still not widespread.

"Currently, we are aware of four pieces of malicious software attempting to exploit this vulnerability," he wrote. "However, none of these automatically self-propagate."

Details of the attacks, which are named Siveras.B, Siveras.C, Siveras.D and Siveras.E, have been added to Microsoft Security Advisory 935964.

The workarounds that Microsoft has been urging customers to implement are effective against the new variants, Budd said.

Budd posted earlier in the week to the effect that Microsoft is hoping to have a patch out by Patch Tuesday in May: Port 139 has been added to the list of ports to block when implementing the workarounds. Microsoft also stressed that the workarounds are effective against attempts to exploit the vulnerability over RPC, port 445 and port 139.

"For port 445 and 139, an attacker will need to authenticate using a valid user name and password. These do not allow unauthenticated attacks the same way RPC does. However, the guest account, which is disabled by default, could be used if it has been enabled," Budd said.

Budd also said customers may have problems with DNS Server local administration and configuration using DNS administration tools when the computer name is exactly 15 characters, and not 15 characters or more, as the company first posted. Using the FQDN (Fully Qualified Domain Name) of the computer will avoid this issue.