In an advisory this morning borrowing language used during previous statements about completely different exploits, Microsoft's Security Response Center team confirmed that it has seen at least one new wave of attacks based on proof-of-concept code impacting its DNS server software in Windows Server-based systems.
The concept enables malicious users to run code remotely under the system privileges generally granted to the DNS service itself. Although technically, the exploit does not directly threaten Internet routing the same way as the crafted IPv6 header problem in Cisco routers that also periodically rears its ugly head (or heads its ugly rear), this exploit can impact the routing of e-mail and other IP traffic within an enterprise or limited domain.
Yesterday, Microsoft acknowledged that the proof-of-concept code discovered by engineers and reported by BetaNews was responsible for the first rash of attacks. But that acknowledgment was confused by multiple press sources as having been an indication that the code was just released, when in fact, the code may have been publicly disseminated for at least a matter of weeks, if not longer.
Microsoft, DNS, Server, DNS Server Attack, Intrusion