We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,018 News Articles

Microsoft fails to patch 'critical' bug

Windows DNS Server Bug remains a threat

Microsoft's security team is still working on a patch for a critical bug in the company's server software.

The vulnerability in the Domain Name System Server Service of Windows 2000 Server SP4, Windows Server 2003 SP1 and Windows Server 2003 SP2, has been exploited since at least 13 April, although the company has continued to characterise those attacks as "limited”.

"Our teams are continuing to work on developing and testing updates...[but] we don't have any new estimates on release timelines," said Christopher Budd, program manager for the Microsoft Security Response Center (MSRC) on the group's blog. "I can say that our ongoing testing so far has not raised any issues that would make us believe we might be looking at a longer timeline."

Previously, Budd has said that MSRC was shooting for releasing a patch 8 May, the date of the next regularly-scheduled update. Security researchers, however, had earlier predicted that Microsoft would release an out-of-cycle fix, as it did on 3 April for the Windows animated cursor vulnerability.

Also over the weekend, Microsoft posted a new document on its Knowledge Base support site that spells out how IT administrators can deploy a workaround for the DNS Server bug to all domain controllers in the enterprise. Earlier guidance from Microsoft - as laid out in the security advisory it first published 13 April - only gave instructions on how to disable remote administration of the DNS service one machine at a time.

Microsoft's how-to relies on techniques taken from a blog posting by Jesper Johansson, a former Microsoft senior security strategist. "Our PSS [product support services] team took [Johansson's] idea, added some error handling to it, and built it into a KB," said Budd.

Last week, several botworms tried to exploit the vulnerability to hijack servers.

www.computerworld.com


IDG UK Sites

EE brings 4G LTE to Cornwall and a total of 21 new towns

IDG UK Sites

iOS 8 review: Hands on with the iOS 8 beta

IDG UK Sites

5 things Android Wear *can't* do: Smartwatch OS is great but not flawless

IDG UK Sites

Sharknado 2 VFX: how The Asylum created CG flying man-eating sharks