Microsoft Security Advisory (935964): Vulnerability in RPC

Microsoft is investigating new public reports of a limited attack exploiting a vulnerability in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Microsoft Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista are not affected, as these versions do not contain the vulnerable code.

Microsoft’s initial investigation reveals that attempts to exploit this vulnerability could allow an attacker to run code in the security context of the Domain Name System Server Service, which by default runs as Local SYSTEM.

What is the scope of the advisory?
Microsoft is aware of limited attacks that exploit a vulnerability affecting the RPC interface of the Microsoft DNS service. 

Is this a security vulnerability that requires Microsoft to issue a security update?
Microsoft is completing development of a security update for Windows that addresses this vulnerability.

What causes the vulnerability?
A stack-based buffer overrun exists in the Windows DNS Server's RPC interface implementation.

How could an attacker exploit the vulnerability?
On Windows 2000 Server and Windows Server 2003 systems running the DNS Server Service, an anonymous attacker could try to exploit the vulnerability by sending a specially crafted RPC packet to an affected system.

Is my DNS Server vulnerable to attack over port 53?
The name resolution functionality of the DNS service exposed over port 53 is not vulnerable to this attack.

What is Remote Procedure Call (RPC)?
Remote Procedure Call (RPC) is a protocol that a program can use to request a service from a program located on another computer in a network. RPC helps with interoperability because the program using RPC does not have to understand the network protocols that are supporting communication. In RPC, the requesting program is the client and the service-providing program is the server.

What versions of Microsoft Windows are associated with this advisory?
This advisory discusses Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2.
