New exploits out for DNS Vulnerability in Windows Server

Author: btv raj

Article:
The AntiVirus, AntiSpam and Content Security firm MicroWorld
Technologies urges organizations to be on their guard, as the
number of exploits out for the critical DNS vulnerability in
Windows Server rose to five. The possibility of 'Vanbot' worm
exploiting the flaw is also looked into, says the Security firm.

The flaw in question was made public by Microsoft on last
Thursday, as first reports of it came a day after the Redmond
firm's patch Tuesday. It can be found at
http://www.microsoft.com/technet/security/advisory/935964.mspx.
The flaw is related to the way DNS (Domain Name System) Server
Service uses RPC (Remote Procedure Call) interface.

RPC is a protocol used in requesting a service from a program
located in another computer in a network. An attacker can send a
malformed RPC packet to create buffer overflow in DNS service,
which will allow him to execute arbitrary code on the victim's
computer.

The affected versions are Windows 2000 Server Service Pack 4,
Windows Server 2003 Service Pack 1 and Windows Server 2003
Service Pack 2. Security researchers indicate that the new
Windows Server in the making, code named as 'Longhorn', is also
not insulated from the danger.

Rohini Sonawane, Chief Operating Officer of MicroWorld, says "If
the DNS service is compromised, the intruder can plant Pharming
attacks in the computer, where a legitimate web request can be
re-directed to a malicious spoof website. It means, when you key
in the web address of your bank in a compromised computer, the
request will go to the Phishing site, which will capture all
your confidential banking information and hand them over to the
malware author!"

According to Rohini, a variant of the 'Vanbot' worm known to
exploit many earlier Windows vulnerabilities, is reportedly
exploiting this new found loophole as well. She said MicroWorld
is analyzing these possibilities, even as the firm's products
eScan and MailScan safeguard users against all Vanbot varieties.

Vikas Vishwasrao, a Senior Security Analyst at MicroWorld
suggests that users of MicroWorld's eConceal firewall can block
Port 445 as well as Port 1025 and all Ports above, till
Microsoft releases a patch for the flaw, as these Ports are used
by the RPC protocol. He said an infection can be sensed using
TCP Connection feature of MicroWorld products, as affected
computers will show frantic network activity in IRC traffic as
well as a huge increase in HTTP traffic on non standard ports.



MicroWorld

MicroWorld Technologies (www.mwti.net) is the developer of
highly advanced AntiVirus, Content Security and Firewall
software solutions eScan, MailScan, and eConceal. MicroWorld
Winsock Layer (MWL) is the revolutionary technology that powers
most of MicroWorld products enabling them to achieve several
certifications and awards by some of the most prestigious
testing bodies, notable among them being Virus Bulletin,
Checkmark, TUCOWS, Red Hat Ready and Novell Ready.

For more information, please visit www.mwti.net


About the author:
Btv Raj is the Content Writer and Creative Visualizer of
MicroWorld Technologies.