CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 8th, 2008

MS Windows DNS Client Service Vulnerability

Microsoft Windows operating systems are prone to a vulnerability that lets attackers spoof DNS clients. This issue occurs because the software fails to employ properly secure random numbers when creating DNS transaction IDs.

Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.

Microsoft has released an advisory along with fixes to address this issue. Currently there are no reports of any working exploits.

List of vulnerable OS versions can be seen below.

 

Vulnerable:

Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Tablet PC Edition SP1
Microsoft Windows XP Tablet PC Edition
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP 0
Microsoft Windows Vista x64 Edition 0
Microsoft Windows Vista Ultimate 64-bit edition 0
Microsoft Windows Vista Home Premium 64-bit edition 0
Microsoft Windows Vista Home Basic 64-bit edition 0
Microsoft Windows Vista Enterprise 64-bit edition 0
Microsoft Windows Vista Business 64-bit edition 0
Microsoft Windows Vista Ultimate
Microsoft Windows Vista Home Premium
Microsoft Windows Vista Home Basic
Microsoft Windows Vista Enterprise
Microsoft Windows Vista Business
Microsoft Windows Vista 0
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Server 2003 x64 SP1
Microsoft Windows Server 2003 Web Edition SP2
Microsoft Windows Server 2003 Web Edition SP1
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Standard x64 Edition
Microsoft Windows Server 2003 Standard Edition SP2
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Itanium SP2
Microsoft Windows Server 2003 Itanium SP1
Microsoft Windows Server 2003 Itanium 0
Microsoft Windows Server 2003 Enterprise x64 Edition SP2
Microsoft Windows Server 2003 Enterprise x64 Edition
Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter x64 Edition SP2
Microsoft Windows Server 2003 Datacenter x64 Edition
Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
Microsoft Windows Server 2003 Datacenter Edition Itanium 0
Microsoft Windows Server 2003 Datacenter Edition SP1
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server
+ Avaya DefinityOne Media Servers
+ Avaya IP600 Media Servers
+ Avaya S3400 Message Application Server
+ Avaya S8100 Media Servers
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server
3DM Software Disk Management Software SP2
3DM Software Disk Management Software SP1

Share this item with others:

More on CyberInsecure:
  • Several Vendors Including Microsoft Patch Multiplatform DNS Vulnerability
  • Monthly Microsoft Patch Fixes Critical Windows Kernel, WINS Vulnerabilities
  • NSA Goes Offline Due To A DNS Glitch
  • Trojan Poses As Update Utilities For Adobe, DeepFreeze, Java, Windows
  • New DNSChanger Trojan Allows Mass DNS Hijack, Non-Windows And Fully Patched Systems Affected

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: MS Windows DNS Client Service Vulnerability

    One Response to “MS Windows DNS Client Service Vulnerability”

    1. So this may be kind of an overly simplistic point, but what is the real world effect of randomizing transaction IDs? If the attacker was in the data path between the DNS client and the DNS server couldn’t the attacker just spoof the transaction ID sent by the client (random or not) in the response and as long as it got to the client first, and resolve any name to the server of the attacker’s choice? If the attacker isn’t in the path then there would be no way to determine what DNS requests the client was issuing and therefore no point in just sending back random replies with the “guessed” address and an IP of the attacker’s choosing unless you were trying to mess up a major site on the Internet which would be the subject of a significant percentage of Internet lookups. I just don’t see what an attacker could do with predictable transaction ID information that can’t be done with random transaction IDs.

      Any thoughts?

      Scott


    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.