©1997/2004, Active Network. All Rights Reserved. Layout & Design by Designer Dream. Content written by the Active Network team.
Time: 18:43 EST/23:43 GMT | News Source: BetaNews | Posted By: Jonathan Tigner
This morning, the US-CERT team of the Department of Homeland Security acknowledged Microsoft's advisory, stating that it's investigating instances where Windows servers running the DNS service can be tricked into running any code remotely in a local system context, with the same privileges as the DNS service itself.
As an indication of how seriously Microsoft takes this threat, in a special advisory issued this morning, it instructs customers to use their Registry Editors to set a bit in their DNS parameters for servers running the DNS service, effectively disabling DNS bindings to remote procedure calls (RPC) in favor of local procedure calls only (LPC). From there, the company further suggests that admins use their firewalls to block all RPC traffic, which could extend from ports 1024 to 5000.
Essentially, Microsoft is telling admins to shut off the pipes completely for all traffic that would otherwise enable them to manage DNS servers from remote locations. As the company acknowledges, remote management tools will not function while the LPC protocol is favored and RPC ports are blocked by a firewall, though remote management through Terminal Services is still possible.
Today’s threat, Microsoft said, impacts Windows Server 2003 Service Pack 1 and Service Pack 2 (just released), and Windows 2000 Service Pack 4. However, servers which use IPsec to encrypt traffic may not be impacted. Microsoft’s security advisory made a point of saying Vista is unaffected by this problem, although presently, Vista isn’t deployed in many business environments as a server anyway, especially where admins await the release of Longhorn.
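One way to check a perimeter rule set against the port guidance above, as an added example that is not from Microsoft's advisory or the original post: the `Rule` model, the first-match evaluation and both rule sets are assumptions constructed for illustration. It reports which parts of 1024-5000 are still reachable and whether port 53 stays open; TCP 3389, the default Terminal Services port, lies inside that range and shows up as a deliberate exception.

```python
from dataclasses import dataclass

RPC_RANGE = (1024, 5000)  # RPC port range the article says to block
DNS_PORT = 53             # DNS queries themselves; must stay reachable

@dataclass(frozen=True)
class Rule:               # hypothetical rule model; first match wins
    action: str           # "allow" or "block"
    proto: str            # "tcp", "udp" or "any"
    lo: int               # first port covered (inclusive)
    hi: int               # last port covered (inclusive)

def verdict(rules, proto, port, default="block"):
    """Decide one inbound port the way a first-match firewall would."""
    for r in rules:
        if r.proto in (proto, "any") and r.lo <= port <= r.hi:
            return r.action
    return default

def exposed(rules, proto, lo, hi, default="block"):
    """Sub-ranges of [lo, hi] still allowed in; verdicts change only at rule edges."""
    cuts = {lo, hi + 1}
    for r in rules:
        cuts.update(e for e in (r.lo, r.hi + 1) if lo < e <= hi)
    edges, out = sorted(cuts), []
    for start, nxt in zip(edges, edges[1:]):
        if verdict(rules, proto, start, default) != "allow":
            continue
        if out and out[-1][1] == start - 1:   # merge adjacent segments
            out[-1] = (out[-1][0], nxt - 1)
        else:
            out.append((start, nxt - 1))
    return out

def audit(rules, default="block"):
    return {
        "rpc_tcp": exposed(rules, "tcp", *RPC_RANGE, default=default),
        "rpc_udp": exposed(rules, "udp", *RPC_RANGE, default=default),
        "dns_ok": all(verdict(rules, p, DNS_PORT, default) == "allow"
                      for p in ("tcp", "udp")),
    }

# Constructed rule sets for illustration, not taken from any real device.
PARTIAL = [Rule("allow", "any", 53, 53), Rule("block", "tcp", 1024, 2999),
           Rule("allow", "tcp", 1024, 65535)]
# TCP 3389 (default Terminal Services port) is kept as a deliberate exception.
BLOCKED = [Rule("allow", "any", 53, 53), Rule("allow", "tcp", 3389, 3389),
           Rule("block", "any", 1024, 5000)]
if __name__ == "__main__":
    print({"PARTIAL": audit(PARTIAL), "BLOCKED": audit(BLOCKED)})
```

Any range left in `rpc_tcp` or `rpc_udp` other than an exception the admin intended is a gap in the block.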

#1 By 37047 (74.101.157.125) at 4/14/2007 10:24:52 AM
Gee, where is Parkkker to tell us about some old problem with Bind?

#2 By 23275 (24.179.4.158) at 4/14/2007 6:06:39 PM
Mystic, the vuln is not in DNS [either AD, or D-DNS], the vuln is with DCOM RPC used on W2K and W2K3 servers, which supports remote management of the service - which by the by, would be mitigated/blocked by default by any firewall - even crude SOHO NAT devices, that I am aware of. So unless someone has a DC, or a DNS server facing the cloud that is not behind a firewall, then they needn't worry. The vuln does NOT/NOT exploit the DNS Service on UDP 53, or TCP 53. So, any comparison to BIND would be irrelevant - which of course, I know you know and get the joke - I just don't want young admins out there thinking that there's an "oh my God" vuln out there like some boogey man.

#3 By 32132 (64.180.219.241) at 4/14/2007 10:00:22 PM
#1 It only took RedHat a couple of months for this patch:
https://rhn.redhat.com/errata/RHSA-2007-0057.html
But I'm curious ... how come Microsoft flaws get all the security publicity when flaws like this one get none:
"A flaw was found in the username handling of the MIT krb5 telnet daemon
(telnetd). A remote attacker who can access the telnet port of a target
machine could log in as root without requiring a password."
https://rhn.redhat.com/errata/RHSA-2007-0095.html
This post was edited by NotParker on Saturday, April 14, 2007 at 22:06.

#6 By 23275 (24.179.4.158) at 4/16/2007 12:20:05 PM
I sure get tired of the world holding out that Microsoft is the only company that supports some form of remote method(ing)/remote code execution like it <the ability> is some kind of flaw... as if the functions of DS services, and the end point mapper service don't exist in similar ways, or are not used in similar ways on other operating systems - regardless of ports actually assigned. It's just daffy.
There are many and they are as useful and potentially vulnerable as any Microsoft has evolved. It's just like the rap ActiveX gets - like any other browser doesn't support one or more forms of RMI - it's ridiculous and foolish to assume that others are safer, or better.

#7 By 15406 (216.191.227.68) at 4/16/2007 12:44:23 PM
#6: So what you appear to be saying is that you shouldn't complain about anything if there is the possibility that something somewhere might be worse? Sounds bogus to me. This site is about everything Windows, warts and all. Everyone knows all software has bugs and that will never change. Other communities I've seen don't seem to be as emotionally invested and can actually offer criticism, constructive or not, without the rampant fanboyism. Here at ActiveWin we have some who are unable to acknowledge any of MS' faults and instead spend their time defending MS, sometimes to the point of absurdity. Kind of like trying to stop the rain with a bucket.

#8 By 37047 (216.191.227.68) at 4/16/2007 12:53:09 PM
#3, #6: This is the same as complaining about a Bind defect in a Unix/Linux forum, and someone saying that this is not an issue worth discussing, because Windows has a DNS related flaw. This would be equally inane on the Unix/Linux forum. Since this site is ActiveWin, and not ActiveLinux or ActiveUnix, I have operated under the presumption that the topics here relate specifically to Windows and other products that run on Windows. So, mentioning a newly found Firefox security hole would be fair game, as long as it is in the version running on Windows, and not some issue specific to, say, the Linux version or the Mac version. Now, if this is only meant to be a site for Microsoft Fanboyz, then please let the rest of us know, and maybe the site can be renamed ActiveWinFanBoyz.com or something else equally descriptive. Until then, I will operate under the presumption that we are here to discuss Windows related topics, both positive and negative.

#9 By 13030 (198.22.121.110) at 4/16/2007 1:28:03 PM
#6: It's just like the rap ActiveX gets...
And deservedly so! ActiveX was a poorly thought out wrapper around COM which, in-and-of itself, wasn't designed with security in mind. (I'm not saying that was necessarily a flaw of COM--it's just the way it was designed. Technologies today must consider security, however.)
MSFT had such a fear (completely unfounded in my opinion) of losing its desktop dominance in the mid 90s to the Internet, or thin clients, or browser-based appliances that it rushed out its response. The result was the VB-nurtured, secure application owned and client-based ActiveX model hacked to work with IE. Since ActiveX security was the responsibility of the host application, you got the equivalent of the "Let's Make a Deal" game show. If you selected the IE door, you had a great chance to win the goat!
#7, 8: If a defect occurs in the MSFT "forest" and a MSFT fanboi doesn't acknowledge it by misdirection or minimization, does the defect, in fact, really exist?

#10 By 15406 (216.191.227.68) at 4/16/2007 1:56:36 PM
#9: I'll ask the Dalai Lama the next time he's over.

#11 By 23275 (24.179.4.158) at 4/16/2007 3:41:54 PM
#9, Ch, I'd agree with poorly implemented and managed, but not poorly designed - ActiveX was designed from the outset to use signed controls supported by certificates.
Since XP SP2 in Aug, 2004, ActiveX has been far better managed and in IE 7 under Vista, IE 7 runs in Protected Mode by default and in its own context/space which is very restricted and limited. Many learned pundits continue to assert that ActiveX controls just run with no user intervention and they mention Protected Mode without explaining what it is, or that it is on by default - much less getting into that there is no root level admin account that is enabled under Vista and all accounts are actually restricted.
Similarly, and opposite RMI, COM remains very important and pursued by Mozilla advocates for the same reasons it is useful to IE centric devs... http://www.iol.ie/~locka/mozilla/mozilla.htm
Why?
Previous versions of Netscape Communicator/Navigator were arguably superior to IE as day to day browsers but they suffered through their immediate usability and modularity. Although the Netscape browser was great as a standalone application, it wasn't possible to utilize that functionality in third party applications. On the other hand, Internet Explorer shipped with an ActiveX control which allowed exactly that ability.
So given how users on Windows operating system MUST agree to all software installs - how in the heck is an ActiveX control any different from any other software that a user downloads and agrees to install in this context? Like a sidebar Gadget, for example - if it does not come from Microsoft's site and is signed/certified to be safe? I mean, each would have to be signed, or receive the same warnings. Similarly, where COM is not used and another form of RMI is used, Windows Vista users are also warned and offered a choice.
If anything, Vista, and IE 7 have given new life to the use of COM/RMI. I mean also, AJAX/ATLAS haven't won over all just yet and they have their own security issues to contend with as well as a lot of dev time ahead of them.