Sometimes it's better to sleep on it
But no gold star. Reading further information from Microsoft in regards to the current Windows Server DNS RPC vulnerability I read this new post on the Microsoft Security Response Blog: More information on Microsoft Security Advisory 935964. Now I really appreciate Microsoft's efforts at transparency, I really feel it's the Microsoft Security Response Center's best trait, and something other security shops at large companies could learn from.
I was a bit worried though when I read the following line: "Our teams worked overnight to identify workarounds that could protect customers while we worked on an update."
Now, I really appreciate the efforts, but if you saw the recommendations you might be a bit concerned for the Microsoft Security folks. They lost a whole night of sleep to come up with their remediation actions: 3 different ways to turn the service off and the recommendation that you block the ports (all 3976 of them). Now I realize I'm oversimplifying a bit, but not that much.
So yeah, add to that all the ANI fun, mostly the whole "working against Vista/IE 7" and maybe my recent faith in Microsoft came a bit too soon. Such is life though, and I'm going back to setting up Win2k3 and its DNS server with all its RPC muckiness in VMware so I'm ready when that PoC goodness drops. Until then I'm gonna spend my day shooting a few of the other Minds. Gonna be a good day.


1 comment:
Have you played with the Metasploit plugin?
It works like a champ but after compromising the host, the DNS service stops resolving, which will tip off the server admin pretty quickly.
I've also found that if you have an IPS that blocks the payload only, the DNS service hangs and forces a DoS situation.