This morning, the US-CERT team of the Department of Homeland Security acknowledged Microsoft's advisory, which states that Microsoft is investigating reports that Windows servers running the DNS service can be tricked into remotely executing arbitrary code in the local system context, with the same privileges as the DNS service itself.
As an indication of how seriously Microsoft takes this threat, in a special advisory issued this morning it instructs customers to use Registry Editor to set a bit in the DNS parameters of servers running the DNS service, effectively disabling the DNS service's binding to remote procedure calls (RPC) in favor of local procedure calls (LPC) only. From there, the company further suggests that admins use their firewalls to block all RPC traffic, which could use ports 1024 to 5000.
Essentially, Microsoft is telling admins to shut off completely the channel that would otherwise let them manage DNS servers from remote locations. As the company acknowledges, remote management tools will not function while the LPC protocol is favored and RPC ports are blocked by a firewall, though remote management through Terminal Services remains possible.
Today’s threat, Microsoft said, impacts Windows Server 2003 Service Pack 1 and Service Pack 2 (just released), and Windows 2000 Service Pack 4. However, servers that use IPsec to encrypt traffic may not be impacted. Microsoft’s security advisory made a point of saying Vista is unaffected by this problem, although at present Vista isn’t deployed in many business environments as a server anyway, especially where admins are awaiting the release of Longhorn.