[SingCERT] MS08-037 Vulnerabilities in DNS Could Allow Spoofing

Mailing List

[SingCERT] MS08-037 Vulnerabilities in DNS Could Allow Spoofing

Last Updated on Friday, 01 August 2008 19:34

Attention: open in a new window.

[Summary]
This security update resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.
The security update addresses the vulnerabilities by using strongly random DNS transaction IDs, using random sockets for UDP queries, and updating the logic used to manage the DNS cache. [ Affected Systems ]
Windows 2000
Windows XP
Windows Server 2003
Windows Server 2008

[Solution/Workaround]
The vendor has issued a fix (see reference below).

[Reference]
http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx

< Prev		Next >

Additional Information

About Us
FAQ
Disclaimer
Security Awareness

Search, View and Navigation

Mailing List

Archive

[SingCERT] MS08-037 Vulnerabilities in DNS Could Allow Spoofing

Additional Information

Symantec Security Alerts