Microsoft has denied that the critical vulnerability affecting RPC on Windows Domain Name System Server is also found in Windows Vista or Windows XP Service Pack 2. The Microsoft Security Response Center has tested this vulnerability against the complete range of current Windows operating systems and has concluded that the issue is limited to Windows 2000 Server SP4, Windows Server 2003 SP1 and Windows Server 2003 SP2. Microsoft has continued to monitor the evolution of the problem since the initial report on April 12 and has confirmed that attacks are still not widespread. The Redmond company has also made available a new KB article designed to help deploy the DNS remote RPC block workaround at an enterprise level.
According to Christopher Budd, MSRC Security Program Manager, the DNS Server Service vulnerability only impacts the Windows server operating systems: "We know this because as part of our Software Security Incident Response Process (SSIRP) after we identify a vulnerability one of the first things we do is to establish the scope of affected software. We do this looking at the source code for the affected component in all publicly supported versions of the product. In the case of this vulnerability, the code with the vulnerability is in the DNS server component. That component isn't present in Windows client operating systems." Additionally, Budd pointed to May 8 as the official date for a security update to be released.