We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Microsoft DNS flaw poses limited threat

Workaround issued for Delbot zero-day exploit

While Microsoft has not yet said when it will release a patch to fix an under-attack flaw in its server software, most properly protected servers should not be vulnerable.

"Any machine that gets successfully hit by this is poorly set up," says Ronald O'Brien, a senior security analyst at Sophos, a business security company.

The Delbot worm (known as Delbot, Nirbot, or Rinbot) exploits a zero-day flaw in the Domain Name System service on servers running Windows Server 2000 Service Pack 4 and Windows Server 2003 Service Pack 1 and Service Pack 2. Following a successful attack, the worm infects the machines with a 'bot' type of malware that gives the attacker remote control over the server, according to Sophos.

DNS is essential for all internet traffic, and by necessity many DNS servers are publicly accessible. However, attackers can reach the vulnerability only through DNS's Remote Procedure Call interface, rather than directly through the DNS service. And on any publicly accessible machine the RPC interface should be blocked by a firewall, O'Brien says.

In a posted alert update regarding the attacks, the Internet Storm Center, which tracks ongoing internet attacks, notes that "most public DNS servers should not be listening on the RPC ports”. Nevertheless, the post lists two server setups that could be vulnerable: multipurpose Windows servers used by hosting providers, and active-directory servers in internal networks.

In its security advisory, Microsoft provides instructions for a workaround that uses Registry changes to disable the RPC interface. The advisory also lists server ports that should be blocked by a firewall.

Microsoft is considering releasing an early patch to fix the vulnerability before the company's next regular patch date on 8 May.

IDG UK Sites

How to get a free EE Power Bar: Mobile and broadband customers eligible for free smartphone charger

IDG UK Sites

Why Netflix won't terminate your account for using a VPN, probably

IDG UK Sites

Forever 21 denies pirating Adobe, Autodesk and Corel software, accuses companies of 'bullying'

IDG UK Sites

New Apple TV 2015 release date rumours: Apple's WWDC invite shows Apple TV