Microsoft Warns of Attacks on Web Service Flaw
Attackers are actively exploiting a newly reported flaw in Microsoft's software that is allowing them to break into vulnerable systems, the software giant warned Thursday.
The vulnerability applies to Windows 2000 Server and Windows Server 2003 running the DNS Server Service. According to Microsoft, the flaw does not affect fully patched versions of Windows 2000, Windows XP or Windows Vista. Microsoft said it has seen "limited" attacks against this flaw, which appears to initially have been sighted on Apr. 7 in an attack on an educational institution.
The company's Redmond, Wash., headquarters says it is working "around the clock" to come up with a patch to plug the hole, but in the meantime affected customers should consider implementing the tweaks documented in the "suggested actions" of its security advisory.
Update, 1:16 p.m.: As a number of people have already noted, it is not necessary for Windows 2000 Server and Windows 2003 Server users to be running a Web site for this to be a security threat. The vulnerability is with the DNS Name Service, and specifically could be a problem for users of the aforementioned systems if they allow remote management of their DNS servers. The above text has been modified.
The comments to this entry are closed.