Hackers Attacking New Microsoft Zero-Day Bug - InformationWeek


Unlike a Microsoft vulnerability on a desktop that affects a single user, this zero-day DNS bug could affect a company's entire roster of employees.

A zero-day vulnerability in several of Microsoft's server products could enable a hacker to divert the Web traffic of not just a single user but of a company's entire roster of employees, the company warned this week.

Microsoft released an advisory late Thursday warning users that it is investigating a "limited" number of attacks that are exploiting a vulnerability in the Domain Name System (DNS) Server Service. The bug could affect servers running Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 SP 1, and Windows Server 2003 SP 2.

The advisory states that Windows Vista, Microsoft Windows 2000 Professional SP 4, and Windows XP SP 2 do not contain the flawed code and so are not affected.

The exploits started to appear on the Internet mid-week.

"This is pretty dangerous," said Amol Sarwate, manager of the vulnerability research lab at Qualys, Inc., a security company based in Redwood Shores, Calif. "This is not a desktop problem but a server problem, so it will affect all of the users in a company that use that server."

Sarwate explained in an interview that the flaw affects the DNS server, which translates names into IP addresses. For example, when a user types "www.yahoo.com" into her browser, the DNS server translates that text address into an IP address so the request can be routed through to the correct servers. The buffer overflow bug is in the remote management component of the DNS.

Microsoft noted in its advisory that the bug enables remote code execution, which the company generally ranks as a critical security risk.

"These servers are in data centers so [by exploiting this flaw] an attacker can change a DNS setting so that when I type yahoo.com in, my browser will not go there but it will go to a site the hacker wants me to go to," Sarwate said, noting that users would most likely be diverted to a malicious Web site where they would be infected with malware.

The Internet Storm Center noted in its daily diary Friday that Microsoft is offering up a few workarounds, which by definition are not patches, but ways to run the software while mitigating some of the risk. Users can disable remote management for the DNS server. They also can block unsolicited inbound traffic on ports 1024-5000 using IPSec or other firewalls, and they can enable the advanced TCP/IP Filtering options on the appropriate interfaces of the server.

Sarwate said he is recommending that users employ the workarounds until a patch is released, but noted that applying at least one of them could be tricky. He pointed out that it would be problematic to disable remote management of the DNS server because most of these servers are typically managed remotely, as they are often located in a data center.

US-CERT announced that it, too, is investigating the vulnerability.

Microsoft customers who believe they've been affected by this exploit can seek information through the company's Security Help Web site.
