Action Required: Turn off RPC management of DNS on all DCs. Do it now.

If you administer a Windows domain, or a domain with Windows DNS/DC servers, you will want to take care of this problem before you leave for the weekend. According to the advisory here, Microsoft has received public reports of a limited attack exploiting a vulnerability in the Domain Name System (DNS) Server Service. Microsoft's initial investigation reveals that attempts to exploit this vulnerability could allow an attacker to run code in the security context of the DNS Server Service, which by default runs as Local SYSTEM.

At present, the following operating systems are vulnerable: Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Microsoft Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista are not affected, as these versions do not contain the vulnerable code.

The security mechanisms that were architected into Windows Vista (and the forthcoming Longhorn Server) operate under the assumption that services (such as the currently vulnerable DNS Service) WILL be compromised at some point, and steps are taken so that a compromise will not affect the security of the rest of the OS. Within Windows Vista (and Longhorn Server), services have been hardened and secured in four ways: running services with Least Privilege, Service Isolation, Restricted Network Access, and Session 0 Isolation. The TechNet article on Services Hardening can be found here, and goes into depth on each of the mitigations.

Customers who believe they are affected can contact Product Support Services. Contact Product Support Services in North America for help with security update issues or viruses at no charge using the PC Safety line (1-866-PCSAFETY). International customers can use any method found at this location: https://support.microsoft.com/security

Jesper Johansson (former MS employee and security luminary) has posted a way to implement the current workaround on a large scale at the following site. (*Note: The following link and suggestions are from a third-party site and are not endorsed by Microsoft. Test thoroughly in a lab environment and implement at your own risk.)

https://msinfluentials.com/blogs/jesper/archive/2007/04/13/turn-off-rpc-management-of-dns-on-all-dcs.aspx
