Microsoft: flaw in DNS service

Hackers are exploiting a vulnerability in the Windows Server DNS Service, Microsoft said last week.

  • E-Mail
By  Administrator Published  April 19, 2007

Hackers are exploiting a vulnerability in the Windows Server DNS Service, Microsoft said last week.

The warning came just days after Microsoft issued its regular monthly security release update.

The software giant said it has uncovered a flaw in the DNS server's remote procedure call (RPC) interface that allows attackers to run malicious code on the system.

The flaw occurred due to a stack-based buffer overrun, the firm said.

Microsoft said the hole applies to the Domain Name System Server Service in Microsoft Windows 2000 Server Service Pack 4 and Windows Server 2003 Service Pack 1 and 2.

"While the attack appears to be targeted and not widespread, we are monitoring the issue and are working with our MSRA partners to monitor and help protect customers," Microsoft researcher Adrian Stone said on the Microsoft Security Response blog.

Microsoft said it was working on a fix.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code