Security Watch

Keeping Track of patches and hacks in the IT security world.

MS DNS Patch on the Way

Microsoft will patch seven security flaws, including the critical DNS server flaw, outlined in its 935964 advisory, on Patch Tuesday—May 8.

The DNS patch is one of seven security bulletins to be released. The batch covers Windows, Office, Exchange, BizTalk and CAPICOM—the last of which is a security technology that allows Visual Basic, Visual Basic Script, ASP and C++ programmers to incorporate digital signing and encryption into their application. In each product there is at least one security hole rated as critical, according to the MSRC's (Microsoft Security Resource Center) Christopher Budd.

Microsoft also will be issuing an update for its Malicious Software Removal Tool, along with one high-priority, non-security update on Windows Update and six high-priority, non-security updates through Microsoft Update.

As of April 27, Microsoft hadn't seen any new developments in the situation with the DNS flaw, according to Budd.

The DNS zero-day vulnerability, discovered in early April, was almost immediately exploited. The attacks culminated in the launch of a worm attack—called Nirbot or Rinbot—mere days after Microsoft first noted exploits of the flaw.

The DNS (Domain Name System) service vulnerability is found in the way the DNS Server's RPC (Remote Procedure Call) interface has been implemented. Attackers were sending a crafted RPC packet to vulnerable PCs, turning them into zombie systems from which attackers could steal information and which they could control as nodes in a botnet.

Microsoft published workarounds for the DNS vulnerability in its initial advisory.