Volume 4, Number 16 -- April 25, 2007

No Patch Yet for DNS Flaw

Published: April 25, 2007

by Alex Woodie

Microsoft is still working to patch the DNS flaw in Windows Server 2003 and Windows 2000 Server that hackers began exploiting weeks ago. The software giant is committed to delivering a patch by May 8, the date of the next Patch Tuesday event. Meanwhile, Microsoft security researchers have posted a new workaround that administrators can use to disable Windows' vulnerable bits and protect their servers from DNS exploits.

Reports of attacks utilizing a flaw in the DNS Server Service in Windows 2000 Server service pack 4 and Windows Server 2003 SP1 and SP2 started trickling in the first week in April. On April 12, Microsoft published its first security advisory and workarounds for the flaw.

Soon thereafter, the first packaged exploit was discovered on the Web, with several more exploits of the genus Siveras (as Microsoft refers to it) popping up last week (currently, Microsoft counts five Siveras variants circulating the Web). As more information about the flaw was published and workarounds were posted, it enabled hackers and malware writers to find new and creative ways of exploiting the flaw. Such is the modern world of network security.

The good news appears to be that few organizations are being hit with DNS flaw exploits, and instances of DNS exploits on the Web appear to be relatively low. Indeed, according to security researchers, malware writers are still busy developing exploits for the ANI Animated Cursor Flaw, which Microsoft fixed with an out-of-band patch in early April. Microsoft has given the DNS flaw and its associated Siveras exploits a "moderate" severity rating, and says attacks are not common.

Just the same, independent security experts are wary of the flaw, and have put more urgency behind it than Microsoft, which is not uncommon. What's more, security experts are concerned that hackers are exploiting the flaw to build a network of compromised machines, or a botnet army, that could be used to launch other attacks. Hackers could be keeping DNS-exploited machines in their back pockets for the future. Events do not move linearly in the security world, and today's vulnerabilities are likely to be the bases for tomorrow's attacks.

Meanwhile, Microsoft developers are working "around the clock" to fix the flaw and test the patches, according to Microsoft security program manager Christopher Budd's postings to the Microsoft Security Response Center team blog. At first, Budd said Microsoft would release a patch by May 8, the next regularly scheduled Patch Tuesday, if not sooner.

More recent posts hint that the delivery of the patch may be later, not sooner. "As of tonight, the situation remains unchanged," Budd wrote on the MSRC blog Sunday night. "We don't have any new estimates on release timelines. I can say that our ongoing testing so far has not raised any issues that would make us believe we might be looking at a longer timeline." The attacks, Budd wrote for the fourth team in two weeks, "are still not widespread."

So, in the face of a less-than-daunting DNS flaw threat, it appears that Microsoft has chosen to take it's time with the patch. In lieu of mass casualties from the DNS flaw, that may turn out to be a good decision. That's because this patch, when it appears, will likely be a mega-patch. According to Budd, Microsoft is developing and testing 133 separate iterations of the patch, to address all possible versions and languages. Doing quality assurance (QA) on such an update is a tedious, time-consuming task that is easy to mess up.

Perhaps Microsoft is applying a lesson it learned with the patch for the ANI Animated Cursor Flaw, which it delivered as a rare out-of-band patch on April 3, a week before its regularly scheduled Patch Tuesday event. Microsoft didn't do enough testing on the ANI patch and overlooked incompatibilities between the patch and several third-party products, including Realtek HD Audio Control Panel, Suunto Ski Manager, and BMC Software Patrol, among others. Microsoft has since posted updates to those problems, which can be viewed at Knowledge Base article 935448.

Meanwhile, Microsoft has also found other ways that users can mitigate the DNS flaw in lieu of a patch. On Friday, the company posted Knowledge Base article 936263, which details a new way users can protect themselves from the DNS flay by disabling remote management of the DNS Server service. The adjustments are made by changing the registry.


Windows Server DNS Flaw Being Exploited

Microsoft Patches Animated Cursor Flaw in Windows

                     Post this story to
               Post this story to Digg
    Post this story to Slashdot

Sponsored By

For a limited, Storage Guardian is offering
our remote backup services at a rate of
$8/compressed GB/month (based on a
3:1 compression ratio) with
No Minimum GB/month Commitment.

                                            · Backup System State / Active Directory
                                            · SQL, MS Exchange, .PST files "Open & Locked"
                                            · Bare Metal Restore

Get your estimate NOW at:

Editor: Alex Woodie
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
Contact the Editors: To contact anyone on the IT Jungle Team
Go to our contacts page and send us a message.

Sponsored Links

Vision Solutions:  Get facts on managed availability and business continuity to eliminate downtime
Wolf Computer Consulting:  Reliable service and affordable rates for business computing needs
COMMON:  Join us at the Annual 2008 conference, March 30 - April 3, in Nashville, Tennessee


The Four Hundred
Power6: Later in 2007 Rather than Sooner?

Slowing U.S. Sales Hurt IBM's First Quarter

Reader Feedback on User-Priced System i Boxes

As I See It: Induced Labor

The Linux Beacon
FastScale Takes a Different Approach to Virtualization and Provisioning

Sun, Canonical Integrate Java, GlassFish, and NetBeans into Ubuntu

Round Two: Intel's Fortunes Rise, and AMD's Fall

Slowing U.S. Sales Hurt IBM's First Quarter

Four Hundred Stuff
PowerTech Tools Build Trust By Decreasing Authority

IBM Expects Speedier Portal Projects

BSafe Introduces Cross-Platform Auditing

CCSS Addresses SOX Requirements in QMessage Monitor

Big Iron
Slowing U.S. Sales Hurt IBM's First Quarter

Top Mainframe Stories From Around the Web

Chats, Webinars, Seminars, Shows, and Other Happenings

Four Hundred Guru
Calling SQL Functions Directly From a High Level Language Program

My Favorite Keyboard Shortcuts for RSE

Two Ways to Audit Your Backup Strategy

System i PTF Guide
April 14, 2007: Volume 9, Number 15

April 7, 2007: Volume 9, Number 14

March 31, 2007: Volume 9, Number 13

March 24, 2007: Volume 9, Number 12

March 17, 2007: Volume 9, Number 11

March 10, 2007: Volume 9, Number 10

The Unix Guardian
Fujitsu, Sun Deliver Joint Sparc Enterprise Server Line

Power6: Later in 2007 Rather than Sooner?

Slowing U.S. Sales Hurt IBM's First Quarter

As I See It: Disorderly Conduct

Four Hundred Monitor
Four Hundred Monitor's
Full iSeries Events Calendar


Storage Guardian
IT Security
Lakeview Technology
Vibrant Technologies

Microsoft and SAP Talk Duet Roadmap, Tap HP for Appliance

No Patch Yet for DNS Flaw

Round Two: Intel's Fortunes Rise, and AMD's Fall

Intel Details Future 45 Nanometer Chip Plans from Beijing

But Wait, There's More:

Microsoft Takes On Digital Divide with $3 Windows-Office Bundle . . . Microsoft Asks EC for Clarity on Protocol Pricing . . . Slowing U.S. Sales Hurt IBM's First Quarter . . . Informatica Posts Record 1Q Revenue, Profits Jump 65 Percent . . . Blogs Hosting Malware, ScanSafe Says . . . PKWARE Giving Away Licenses to New SecureZIP Version 11 . . .

The Windows Observer


Subscription Information:
You can unsubscribe, change your email address, or sign up for any of IT Jungle's free e-newsletters through our Web site at

Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034

Privacy Statement