Online attackers are targeting a previously unknown vulnerability in Microsoft's Domain Name System (DNS) Server on Windows 2000 and 2003 servers, the software giant said in an advisory published on Thursday.
The security flaw, a stack-based buffer overflow, occurs in the software's handling of connections to the remote procedure call (RPC) management interface of the server. An unauthenticated attacker can exploit the vulnerability can gain total control of the server, the software giant said.
"Microsofts initial investigation reveals that the attempts to exploit this vulnerability could allow an attacker to run code in the security context of the Domain Name System Server Service, which by default runs as Local SYSTEM," the software giant said in the advisory.
The RPC vulnerability puts the DNS server flaw in the same class of vulnerabilities as the flaw that allowed the MSBlast, or Blaster, worm to spread. The worm likely infected more than 25 million computers, according to data collected by Microsoft. However, since most servers' RPC functionality should not be accessible from the Internet, the threat from the attack may be mitigated.
The vulnerability impacts Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2, the software giant stated. Other versions of Windows -- including Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista -- are not affected as these versions do not contain the vulnerable code.
The vulnerability does not affect normal port 53 traffic for DNS resolution, Microsoft stated. The company did not quantify the number of attacks its customers have reported.
Among the workarounds for the issue, Microsoft has recommended that DNS server administrators deactivate remote RPC management via the Windows registry.
Posted by: Robert Lemos