CPNI - Centre for the Protection of National Infrastructure


April 2007

Active Exploitation of Unpatched Windows Domain Name Service Vulnerability

ID: 118
Ref: 060/2007
Date: 19 April 2007:11:15:04
Version: 1

Title: Active Exploitation of Unpatched Windows Domain Name Service Vulnerability
Abstract: Active exploitation of Windows DNS vulnerability. Exploit code publicly available.
Vendors affected: Microsoft
Operating systems affected: Microsoft
Applications affected: Microsoft

There have been reports of active exploitation of the vulnerability reported in the Microsoft Domain Name System (DNS) Server Service (ref:
http://www.cpni.gov.uk/Products/advisories/default.aspx?id=al-20070413-114.xml).

Exploit code is publicly available, increasing the threat to vulnerable systems.

Microsoft has updated its original advisory to include additional mitigation advice, including details about Windows Small Business Server, the affected network port range, firewall configuration, registry key mitigation values, information regarding TCP and UDP port 445, and the 15-character computer name known issue.

Microsoft has yet to release a patch for the vulnerability, and it is recommended that organisations consider the relevant workarounds.


Further Reading

Microsoft Advisory:
http://www.microsoft.com/technet/security/advisory/935964.mspx
http://blogs.technet.com/msrc/

US-CERT:
http://www.kb.cert.org/vuls/id/555920
http://www.us-cert.gov/cas/techalerts/TA07-103A.html

McAfee:
http://vil.nai.com/vil/content/v_142025.htm

SANS:
http://isc.incidents.org/diary.html?storyid=2637

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1748

CPNI wishes to acknowledge the contributions of Microsoft for the information contained in this advisory.