Hey everyone this is Adrian Stone,
I wanted to let people know that we have just posted Microsoft Security Advisory (935964).
This advisory talks about a limited attack exploiting a vulnerability in the Domain Name System (DNS) Server Service. Our investigation has shown that this affects Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Microsoft 2003 Service Pack 2. Because this is a server service, Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista are not affected as they do not contain the vulnerable code.
We’ve activated our Software Security Incident Response Process (SSIRP) to investigate and have identified steps customers can take to protect themselves in the workaround section. Our teams are working hard on a security update to address the vulnerability. In the meantime, we encourage customers to review the advisory and implement the workarounds.
While the attack appears to be targeted and not widespread, we are monitoring the issue and are working with our MSRA partners to monitor and help protect customers. We will update the Advisory and blog as new information becomes available.
Thanks,
Adrian
*This posting is provided “AS IS” with no warranties, and confers no rights.*