Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution.

Published: April 12, 2007 | Updated: April 19, 2007

Microsoft is investigating new public reports of attack exploiting a
vulnerability in the Domain Name System (DNS) Server Service in
Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003
Service Pack 1, and Windows Server 2003 Service Pack 2. Microsoft
Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2,
and Windows Vista are not affected as these versions do not contain the
vulnerable code.

Microsoft’s initial investigation reveals that
the attempts to exploit this vulnerability could allow an attacker to
run code in the security context of the Domain Name System Server
Service, which by default runs as Local SYSTEM. Our ongoing monitoring
in indicates that we are seeing new attacks to exploit the
vulnerability by the Win32/Siveras bot family. Windows Live Safety Scanner and Windows Live OneCare
can be used to detect currently known malware types that are attempting
to exploit the vulnerability. Microsoft continues to strongly urge
customers to deploy the registry workaround identified below to
comprehensively mitigate all attempts to exploit the vulnerability
through the various identified ports and authentication requirements.

Upon
completion of this investigation, Microsoft will take appropriate
action to help protect our customers. This may include providing a
security update through our monthly release process or providing an
out-of-cycle security update, depending on customer needs.

Customers
who believe they are affected can contact Product Support Services.
Contact Product Support Services in North America for help with
security update issues or viruses at no charge using the PC Safety line
(1-866-PCSAFETY). International customers can use any method found at
this location: http://support.microsoft.com/security

International
customers can receive support from their local Microsoft subsidiaries.
There is no charge for support that is associated with security
updates. For more information about how to contact Microsoft for
support issues, visit the International Support Web site.

http://www.microsoft.com/technet/security/advisory/935964.mspx