Microsoft's security team Sunday said it is still working on a patch for a critical bug in the company's server software. The vulnerability in the Domain Name System Server Service of Windows 2000 Server SP4, Windows Server 2003 SP1, and Windows Server 2003 SP2 has been exploited since at least April 13, Microsoft acknowledged earlier -- although the company has continued to characterize those attacks as "limited."
"Our teams are continuing to work on developing and testing updates ...[but] we don't have any new estimates on release timelines," said Christopher Budd, program manager for the Microsoft Security Response Center. (MSRC) on the group's blog. "I can say that our ongoing testing so far has not raised any issues that would make us believe we might be looking at a longer timeline."
Previously, Budd has said that MSRC was shooting for releasing a patch May 8, the date of the next regularly scheduled update. Security researchers, however, had earlier predicted that Microsoft would release an out-of-cycle fix, as it did on April 3 for the Windows animated cursor vulnerability.
View: Full post
Microsoft, DNS, Bug, Vulnerability, Security, Patch, Update, DNS Bug, DNS Server Log