<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:Arial;
color:windowtext;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Microsoft released Security Advisory 935964 last Friday to
warn customers about a publicly known vulnerability in the Domain Name System
(DNS) Server Service. Microsoft is strongly advising customers to deploy
the registry key workaround as soon as possible. BigFix has released
Fixlet messages to the “Enterprise Security” site that implements Microsoft’s
suggested registry key workaround to “disable remote management over RPC
capability for DNS Servers.”<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>The Fixlet messages detect Windows 2000 Server SP4 and Windows
Server 2003 SP1/SP2 machines that have the DNS Server service installed but do
not have the “RpcProtocol” registry value set to restrict the DNS
RPC interface to LPC-only. The Fixlet message action allows the BES
operator to deploy the registry change. The action will also restart the
DNS Server service if it is currently running so the change will take effect immediately.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Note that after the DNS RPC interface has been restricted to
LPC-only, a corresponding “restore” Fixlet message is available to revert
“RpcProtocol” to its original value, or remove it if it
didn’t previously exist.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Fixlet Messages:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>ID 93596401: “935964: Vulnerability in RPC on Windows
DNS Server Could Allow Remote Code Execution“<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>ID 93596402: “935964: Vulnerability in RPC on Windows
DNS Server Could Allow Remote Code Execution - Restore“<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>ID 93596405: “935964: Vulnerability in RPC on Windows
DNS Server Could Allow Remote Code Execution – Windows Server 2003 (x64)“<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>ID 93596406: “935964: Vulnerability in RPC on Windows
DNS Server Could Allow Remote Code Execution – Restore – Windows Server
2003 (x64)“<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>For more information, see the following Microsoft web pages:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Microsoft Security Advisory 935964: <a
href="http://www.microsoft.com/technet/security/advisory/935964.mspx">http://www.microsoft.com/technet/security/advisory/935964.mspx</a><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Microsoft Security Response Center (MSRC) blog entries:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>April 13<sup>th</sup>: <a
href="http://blogs.technet.com/msrc/archive/2007/04/13/more-information-on-microsoft-security-advisory-935964.aspx">http://blogs.technet.com/msrc/archive/2007/04/13/more-information-on-microsoft-security-advisory-935964.aspx</a><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>April 15<sup>th</sup>: <a
href="http://blogs.technet.com/msrc/archive/2007/04/15/situation-update-on-microsoft-security-advisory.aspx">http://blogs.technet.com/msrc/archive/2007/04/15/situation-update-on-microsoft-security-advisory.aspx</a><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>April 16<sup>th</sup>: <a
href="http://blogs.technet.com/msrc/archive/2007/04/16/monday-update-on-microsoft-security-advisory-935964.aspx">http://blogs.technet.com/msrc/archive/2007/04/16/monday-update-on-microsoft-security-advisory-935964.aspx</a><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Please contact BigFix Technical Support if you have any
questions regarding this announcement.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>BigFix Product Team<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Questions / Comments? Use the BigFix User Forum at <a
href="http://forum.bigfix.como/" title="http://forum.bigfix.como/">http://forum.bigfix.com</a></span></font><o:p></o:p></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
</div>
</body>
</html>