Microsoft Urges Workaround as Worm Hits Unpatched DNS Flaw
With a worm exploiting the unpatched zero-day vulnerability in Microsoft's Domain Name System Service mere days after it was discovered, Microsoft on Monday urged customers to apply workarounds the company had provided in its earlier security advisory. The W32/Delbot-AI worm, aka Nirbot or Rinbot, is infecting PCs via a vulnerability in the way the Windows DNS Server's RPC (Remote Procedure Call) interface has been implemented. Attackers are sending a crafted RPC packet to vulnerable PCs, turning them into zombie systems from which attackers can steal information and which they can control as nodes in a botnet. As of Monday, the MSRC's Christopher Budd was still downplaying the effects of the worm, saying that the attack "does not appear widespread." Regardless, deploying workarounds provided in the security advisory to mitigate this unpatched zero-day attack should be a priority, he said. "By quickly deploying the workarounds customers can mitigate the risk of an effective attack on their networks," he writes. "Once again, we want to strongly advise customers to deploy the workarounds in their environment as soon as possible." Microsoft in particular is urging customers to deploy a registry key workaround and to deploy the latest signatures for their security products. Microsoft has updated its advisory three times since it was posted last week, and a spokesperson for the company told eWEEK that another update is coming via the MSRC blog sometime tonight. The news of the worm attack comes only a week after Microsoft issued patches for critical vulnerabilities on its monthly Patch Tuesday. On top of those patches, subsequent reports of bugs in Microsoft Office appeared, and Microsoft's security team have also been busy investigating attacks aimed at Vista's OEM BIOS activation feature. "The computer underground appear to be revelling in waiting until Microsoft has released its monthly batch of patches, before unleashing their latest attacks," said Graham Cluley, senior technology consultant for Sophos, in a post. "It's not just businesses who are being affected by this, but Microsoft will not be enjoying having the security of their software brought into question again." As for the timing of a patch, a Microsoft spokesperson couldn't give eWEEK a timeline. The MSRC's Budd said in his Monday post that teams are working "around the clock" on the update and are monitoring the situation along with the company's MSRA partners. "As soon as we have any new information, we'll update you through the advisory and the MSRC weblog," he wrote. |
Comments (3)
http://www.realtime-windowsserver.com/articles_analysis/2007/04/bluelane_releases_threat_filte.htm
Greg Shields blog: Blue Lane releases threat filter for Windows DNS vulnerability
FYI
Posted by Greg Ness | April 18, 2007 2:15 PM
I don't get it!!
WHEN do people realize that ANY MS product is a SECURITY RISK!!
Use OSX, SCO, Unix, Linux, "noMSnix" or whatever to get away from the MS security/Virus magnet.
I think by now the THINKING IT people would have remedy that!
I hope that the MS brainwashing is wearing off by now.
sheeeesh
Posted by northwolf | April 18, 2007 4:00 PM
Our security is only as good as the manufacturer of the software and hardware. We must be aware and informed of problems that make for unsecure computer performance. Microsoft needs to develop a team approach instead of the competitive problems that occurr in the race to stay on top of the market. United computing is necessary these days for good results and security.
Thank you for your awareness and passing along the needed information for security.
Posted by Mary Kimberlin | April 19, 2007 6:03 AM