[BESAdmin-Announcements] Microsoft Security Advisory 935964 - Vulnerability in RPC on Windows DNS Server
Announcements for BES Administrators
besadmin-announcements at bigmail.bigfix.com
Tue Apr 17 14:31:27 PDT 2007
Microsoft released Security Advisory 935964 last Friday to warn
customers about a publicly known vulnerability in the Domain Name System
(DNS) Server Service. Microsoft is strongly advising customers to
deploy the registry key workaround as soon as possible. BigFix has
released Fixlet messages to the "Enterprise Security" site that
implements Microsoft's suggested registry key workaround to "disable
remote management over RPC capability for DNS Servers."
The Fixlet messages detect Windows 2000 Server SP4 and Windows Server
2003 SP1/SP2 machines that have the DNS Server service installed but do
not have the "RpcProtocol" registry value set to restrict the DNS RPC
interface to LPC-only. The Fixlet message action allows the BES
operator to deploy the registry change. The action will also restart
the DNS Server service if it is currently running so the change will
take effect immediately.
Note that after the DNS RPC interface has been restricted to LPC-only, a
corresponding "restore" Fixlet message is available to revert
"RpcProtocol" to its original value, or remove it if it didn't
previously exist.
Fixlet Messages:
ID 93596401: "935964: Vulnerability in RPC on Windows DNS Server Could
Allow Remote Code Execution"
ID 93596402: "935964: Vulnerability in RPC on Windows DNS Server Could
Allow Remote Code Execution - Restore"
ID 93596405: "935964: Vulnerability in RPC on Windows DNS Server Could
Allow Remote Code Execution - Windows Server 2003 (x64)"
ID 93596406: "935964: Vulnerability in RPC on Windows DNS Server Could
Allow Remote Code Execution - Restore - Windows Server 2003 (x64)"
For more information, see the following Microsoft web pages:
Microsoft Security Advisory 935964:
http://www.microsoft.com/technet/security/advisory/935964.mspx
Microsoft Security Response Center (MSRC) blog entries:
April 13th:
http://blogs.technet.com/msrc/archive/2007/04/13/more-information-on-mic
rosoft-security-advisory-935964.aspx
April 15th:
http://blogs.technet.com/msrc/archive/2007/04/15/situation-update-on-mic
rosoft-security-advisory.aspx
April 16th:
http://blogs.technet.com/msrc/archive/2007/04/16/monday-update-on-micros
oft-security-advisory-935964.aspx
Please contact BigFix Technical Support if you have any questions
regarding this announcement.
BigFix Product Team
Questions / Comments? Use the BigFix User Forum at
http://forum.bigfix.com <http://forum.bigfix.como/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20070417/8679dfa7/attachment.htm
More information about the Besadmin-announcements
mailing list