Microsoft Under Pressure to Deliver Zero-Day DNS Patch
Redmond said it will release a fix to a critical Windows DNS flaw that opens a hole for phishing attacks and other e-mail disruptions, but no date has been set. Security experts warned of an increased number of attacks after the code for at least four of the exploits was published on the Web last weekend.
04/19/07 11:14 AM PT
Microsoft on Wednesday announced plans to offer a fix to a critical flaw in Windows Domain Name System (DNS) servers that is currently being exploited by cybercriminals.
The zero-day flaw, found on servers running Windows Server 2000 Service Pack 4 and Windows Server 2003 Service Pack 1 and Service Pack 2, gives attackers full control over infected computers via an Internet Relay Chat channel.
The public release of computer code that exploits the yet-to-be-patched Windows security hole has put pressure on Redmond to release a patch prior to its next patch cycle on May 8.
The flaw opens a hole for phishing attacks, directory services problems and other types of e-mail disruptions, according to Microsoft.
Security experts are warning that at least four exploits of the DNS flaw were published on the Internet last weekend, raising concerns over the possibility of widespread attacks.
Once the code was published, Symantec raised its risk level and warned of an expected increase in attacks.
On Monday, security experts revealed that variants of the Rinbot (or Nirbot) worm had been scanning networks for vulnerable systems and then attempting to exploit the DNS vulnerability.
Limited Attack Cited
Microsoft last week reported a "limited attack" on systems due to the flaw, but that was before the exploit's code was widely published on the Web.
"We are aware, though, of public disclosure of proof-of-concept code to exploit the vulnerability," Christopher Budd, a Microsoft Security Response Center spokesperson, wrote on the company's security blog.
"Attacks are still limited," he added.
Users of vulnerable systems should apply the workarounds that are available on Microsoft's security bulletin page.
Although the publication of the code has raised alarms in many quarters, properly protected servers should not be vulnerable, according to security vendor Sophos.
The flaw in Microsoft's code may have been around for only a few days, but it didn't take long for hackers to take advantage of it, Graham Cluley, senior technology consultant for Sophos, told TechNewsWorld.
"Time and time again, hackers are forcing companies like Microsoft to scramble around to develop, test and roll out a software patch," Cluley noted.
Although Microsoft has not provided an estimate of when the fix will be ready for download, its teams around the world are "working on it 24 hours a day," according to Budd.
"However, this is a developing situation and we are constantly evaluating the situation and the status of our development and testing of updates," Budd said in his blog.
The DNS breach is the latest in a recent string of security flaws affecting Microsoft's software.